11241100x8000000000000000256348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ddcff5e5d95a202023-02-08 09:41:11.234root 11241100x8000000000000000256347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04d1ca3660591b2023-02-08 09:41:11.234root 11241100x8000000000000000256346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830a43c072bae8f12023-02-08 09:41:11.234root 11241100x8000000000000000256345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4546bbb826d2bb322023-02-08 09:41:11.234root 11241100x8000000000000000256344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5ab73f28f6d0532023-02-08 09:41:11.234root 11241100x8000000000000000256343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e78369ebadcf12023-02-08 09:41:11.234root 11241100x8000000000000000256342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747ff9ee6ec655e42023-02-08 09:41:11.234root 11241100x8000000000000000256341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed2404e059403432023-02-08 09:41:11.234root 11241100x8000000000000000256364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f93423602a00e212023-02-08 09:41:11.235root 11241100x8000000000000000256363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c27892b7bac55e2023-02-08 09:41:11.235root 11241100x8000000000000000256362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d6519de6d703f2023-02-08 09:41:11.235root 11241100x8000000000000000256361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecddd9ff5c8a3ea2023-02-08 09:41:11.235root 11241100x8000000000000000256360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2426792784b5b22023-02-08 09:41:11.235root 11241100x8000000000000000256359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629011b907887d942023-02-08 09:41:11.235root 11241100x8000000000000000256358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a9c840f09a7062023-02-08 09:41:11.235root 11241100x8000000000000000256357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e7405d1c9087e42023-02-08 09:41:11.235root 11241100x8000000000000000256356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6873dbbf691053af2023-02-08 09:41:11.235root 11241100x8000000000000000256355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6b58c34dc0c16c2023-02-08 09:41:11.235root 11241100x8000000000000000256354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63b1e73186ee13d2023-02-08 09:41:11.235root 11241100x8000000000000000256353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc40a1a4972bc4f2023-02-08 09:41:11.235root 11241100x8000000000000000256352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42c51c50a3cec02023-02-08 09:41:11.235root 11241100x8000000000000000256351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8276b550679bc92023-02-08 09:41:11.235root 11241100x8000000000000000256350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7e9a4536aced92023-02-08 09:41:11.235root 11241100x8000000000000000256349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5c29d7ba55cc32023-02-08 09:41:11.235root 11241100x8000000000000000256379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc5856ceda5ffc02023-02-08 09:41:11.236root 11241100x8000000000000000256378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5438d66a9aa9ab852023-02-08 09:41:11.236root 11241100x8000000000000000256377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b7416b55d6db42023-02-08 09:41:11.236root 11241100x8000000000000000256376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b4db82caf8b172023-02-08 09:41:11.236root 11241100x8000000000000000256375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e79ddc7fb31ed2023-02-08 09:41:11.236root 11241100x8000000000000000256374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ee2dff11f6617b2023-02-08 09:41:11.236root 11241100x8000000000000000256373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e0eed2230d3e42023-02-08 09:41:11.236root 11241100x8000000000000000256372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68212144e931c6c72023-02-08 09:41:11.236root 11241100x8000000000000000256371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38901729099aad92023-02-08 09:41:11.236root 11241100x8000000000000000256370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b9dc8e1a6dd2b32023-02-08 09:41:11.236root 11241100x8000000000000000256369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8da10cfc3551142023-02-08 09:41:11.236root 11241100x8000000000000000256368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b010b0a3f3063632023-02-08 09:41:11.236root 11241100x8000000000000000256367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79a406ca77015f22023-02-08 09:41:11.236root 11241100x8000000000000000256366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a35650ce751da2023-02-08 09:41:11.236root 11241100x8000000000000000256365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79926a05b8ff7b652023-02-08 09:41:11.236root 11241100x8000000000000000256387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cf7e0bf0382352023-02-08 09:41:11.237root 11241100x8000000000000000256386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c82b7ea7a812502023-02-08 09:41:11.237root 11241100x8000000000000000256385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf935f4dfe3ef3eb2023-02-08 09:41:11.237root 11241100x8000000000000000256384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a74c1d9b1169432023-02-08 09:41:11.237root 11241100x8000000000000000256383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c92118ebc32fe22023-02-08 09:41:11.237root 11241100x8000000000000000256382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415c8591d48814b2023-02-08 09:41:11.237root 11241100x8000000000000000256381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd24d729dfc3fa2023-02-08 09:41:11.237root 11241100x8000000000000000256380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf2dace1b606602023-02-08 09:41:11.237root 11241100x8000000000000000256392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a9189afaa83052023-02-08 09:41:11.734root 11241100x8000000000000000256391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c607cead39147f2023-02-08 09:41:11.734root 11241100x8000000000000000256390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20a63ad65f0a3f2023-02-08 09:41:11.734root 11241100x8000000000000000256389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa378386c35b90322023-02-08 09:41:11.734root 11241100x8000000000000000256388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90c343e23d9d282023-02-08 09:41:11.734root 11241100x8000000000000000256408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab7af42222c7422023-02-08 09:41:11.735root 11241100x8000000000000000256407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186eb1057ce0d1e62023-02-08 09:41:11.735root 11241100x8000000000000000256406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a83fa6fd5a85772023-02-08 09:41:11.735root 11241100x8000000000000000256405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67600e973e5b75462023-02-08 09:41:11.735root 11241100x8000000000000000256404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2e249a729561c2023-02-08 09:41:11.735root 11241100x8000000000000000256403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad414e4c1da1c122023-02-08 09:41:11.735root 11241100x8000000000000000256402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd3cbbafcf409c2023-02-08 09:41:11.735root 11241100x8000000000000000256401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4261db08ce82a4a52023-02-08 09:41:11.735root 11241100x8000000000000000256400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1a305f5916e06b2023-02-08 09:41:11.735root 11241100x8000000000000000256399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2f17065605267a2023-02-08 09:41:11.735root 11241100x8000000000000000256398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3b947a2fc77632023-02-08 09:41:11.735root 11241100x8000000000000000256397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f76f5ee81116f32023-02-08 09:41:11.735root 11241100x8000000000000000256396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcbc2cbd528cbbe2023-02-08 09:41:11.735root 11241100x8000000000000000256395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c046d55e0953ae32023-02-08 09:41:11.735root 11241100x8000000000000000256394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06b7c8910ce1c0b2023-02-08 09:41:11.735root 11241100x8000000000000000256393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb2427434a12532023-02-08 09:41:11.735root 11241100x8000000000000000256423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91aa945b3973ef2023-02-08 09:41:11.736root 11241100x8000000000000000256422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd71d92e6e5b3102023-02-08 09:41:11.736root 11241100x8000000000000000256421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58cdab667e49432023-02-08 09:41:11.736root 11241100x8000000000000000256420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a158d73f836e5d1d2023-02-08 09:41:11.736root 11241100x8000000000000000256419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794399d584fab0e2023-02-08 09:41:11.736root 11241100x8000000000000000256418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04032e2f91217b922023-02-08 09:41:11.736root 11241100x8000000000000000256417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28f6f9b47764c912023-02-08 09:41:11.736root 11241100x8000000000000000256416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d3623375f6ef62023-02-08 09:41:11.736root 11241100x8000000000000000256415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ed9c5d8fc5efff2023-02-08 09:41:11.736root 11241100x8000000000000000256414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c917315a4f10c2023-02-08 09:41:11.736root 11241100x8000000000000000256413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38cdbb61d19de32023-02-08 09:41:11.736root 11241100x8000000000000000256412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb6f4bb1d7bcaa2023-02-08 09:41:11.736root 11241100x8000000000000000256411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ff7dc7f142f3e72023-02-08 09:41:11.736root 11241100x8000000000000000256410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e49f568082167bb2023-02-08 09:41:11.736root 11241100x8000000000000000256409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1beeee2a14705c12023-02-08 09:41:11.736root 11241100x8000000000000000256435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6ddae1ac4e9ee12023-02-08 09:41:11.737root 11241100x8000000000000000256434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea52ad5b26cacbfa2023-02-08 09:41:11.737root 11241100x8000000000000000256433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4be3e2d7716012023-02-08 09:41:11.737root 11241100x8000000000000000256432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e47eafef78f05562023-02-08 09:41:11.737root 11241100x8000000000000000256431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62601a1966ae19532023-02-08 09:41:11.737root 11241100x8000000000000000256430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4bfc3dbc4a9e02023-02-08 09:41:11.737root 11241100x8000000000000000256429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d92e189accd382023-02-08 09:41:11.737root 11241100x8000000000000000256428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c7afcca68db8db2023-02-08 09:41:11.737root 11241100x8000000000000000256427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ca48d85b0beff2023-02-08 09:41:11.737root 11241100x8000000000000000256426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd36357188e99d2023-02-08 09:41:11.737root 11241100x8000000000000000256425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d65f6c8ba1cddc2023-02-08 09:41:11.737root 11241100x8000000000000000256424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5b9770205d4242023-02-08 09:41:11.737root 11241100x8000000000000000256437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a110f6a5fdd652023-02-08 09:41:11.740root 11241100x8000000000000000256436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc754b0ca0f33622023-02-08 09:41:11.740root 11241100x8000000000000000256443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff8a4f7b1ee03b2023-02-08 09:41:12.234root 11241100x8000000000000000256442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ca1cc4ef525822023-02-08 09:41:12.234root 11241100x8000000000000000256441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f960707434a8f38b2023-02-08 09:41:12.234root 11241100x8000000000000000256440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888458f0d5aaa8a42023-02-08 09:41:12.234root 11241100x8000000000000000256439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b9e6464adaa532023-02-08 09:41:12.234root 11241100x8000000000000000256438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd2725182cdda882023-02-08 09:41:12.234root 11241100x8000000000000000256448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66765a0fe351d4c42023-02-08 09:41:12.235root 11241100x8000000000000000256447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a875cf16e66bc82023-02-08 09:41:12.235root 11241100x8000000000000000256446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786459c84dbc5fd2023-02-08 09:41:12.235root 11241100x8000000000000000256445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d5f64f8744f4e2023-02-08 09:41:12.235root 11241100x8000000000000000256444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae24400523443d122023-02-08 09:41:12.235root 11241100x8000000000000000256456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6499f218ebfd3c822023-02-08 09:41:12.236root 11241100x8000000000000000256455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7ccf2af5df57e2023-02-08 09:41:12.236root 11241100x8000000000000000256454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8dc654a2cbf60b2023-02-08 09:41:12.236root 11241100x8000000000000000256453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9fe1222121ceb72023-02-08 09:41:12.236root 11241100x8000000000000000256452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff91d60c6980e42023-02-08 09:41:12.236root 11241100x8000000000000000256451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dbd226c5fa6a5b2023-02-08 09:41:12.236root 11241100x8000000000000000256450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62f621fc02c6912023-02-08 09:41:12.236root 11241100x8000000000000000256449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bece1b5524ff18a2023-02-08 09:41:12.236root 11241100x8000000000000000256464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd3491e8fa6ef32023-02-08 09:41:12.237root 11241100x8000000000000000256463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5d4cf88af8a0e2023-02-08 09:41:12.237root 11241100x8000000000000000256462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0c77e508640522023-02-08 09:41:12.237root 11241100x8000000000000000256461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee53ca1b70b55f2023-02-08 09:41:12.237root 11241100x8000000000000000256460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822bdb3afdab93ca2023-02-08 09:41:12.237root 11241100x8000000000000000256459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06394c3dc4995f92023-02-08 09:41:12.237root 11241100x8000000000000000256458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49067fcbe465b82023-02-08 09:41:12.237root 11241100x8000000000000000256457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779772ec03bf51ec2023-02-08 09:41:12.237root 11241100x8000000000000000256472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1358b62bf7812142023-02-08 09:41:12.238root 11241100x8000000000000000256471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2516436ba8dcc7be2023-02-08 09:41:12.238root 11241100x8000000000000000256470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78016480592168422023-02-08 09:41:12.238root 11241100x8000000000000000256469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef45bd9ea93e76f2023-02-08 09:41:12.238root 11241100x8000000000000000256468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812fe179e4c006262023-02-08 09:41:12.238root 11241100x8000000000000000256467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e42f01d12a6d352023-02-08 09:41:12.238root 11241100x8000000000000000256466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153a6705ac4c34c2023-02-08 09:41:12.238root 11241100x8000000000000000256465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565571656a304a0c2023-02-08 09:41:12.238root 11241100x8000000000000000256476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee7f668b3bff552023-02-08 09:41:12.239root 11241100x8000000000000000256475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf64c1a5a98cc32023-02-08 09:41:12.239root 11241100x8000000000000000256474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d22838501c6c6b72023-02-08 09:41:12.239root 11241100x8000000000000000256473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a2352d426f1d642023-02-08 09:41:12.239root 11241100x8000000000000000256486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc694d20ce8f3ca62023-02-08 09:41:12.240root 11241100x8000000000000000256485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d464098d3a975c7a2023-02-08 09:41:12.240root 11241100x8000000000000000256484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf1adc0a5395652023-02-08 09:41:12.240root 11241100x8000000000000000256483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235cc36c02344cec2023-02-08 09:41:12.240root 11241100x8000000000000000256482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2995e439b6b28b2023-02-08 09:41:12.240root 11241100x8000000000000000256481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf42aabbc146022023-02-08 09:41:12.240root 11241100x8000000000000000256480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e5ce87ca504faa2023-02-08 09:41:12.240root 11241100x8000000000000000256479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d82f8745981ba22023-02-08 09:41:12.240root 11241100x8000000000000000256478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5afac1bc2f51b22023-02-08 09:41:12.240root 11241100x8000000000000000256477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce1d99e11ccd9f2023-02-08 09:41:12.240root 11241100x8000000000000000256490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311a51f39e199c772023-02-08 09:41:12.241root 11241100x8000000000000000256489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f69118c3332a12023-02-08 09:41:12.241root 11241100x8000000000000000256488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bed33537018b4e2023-02-08 09:41:12.241root 11241100x8000000000000000256487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537e71ca2daf5c82023-02-08 09:41:12.241root 11241100x8000000000000000256493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ab7169aacbbeb2023-02-08 09:41:12.734root 11241100x8000000000000000256492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abb5a0da43117f32023-02-08 09:41:12.734root 11241100x8000000000000000256491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6be269d6abc42732023-02-08 09:41:12.734root 11241100x8000000000000000256505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd90bb5bdb1227992023-02-08 09:41:12.735root 11241100x8000000000000000256504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e97549de877d5652023-02-08 09:41:12.735root 11241100x8000000000000000256503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f1ca25e808110b2023-02-08 09:41:12.735root 11241100x8000000000000000256502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1b58c424148b372023-02-08 09:41:12.735root 11241100x8000000000000000256501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872f38a2f114e822023-02-08 09:41:12.735root 11241100x8000000000000000256500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1c55f08743d952023-02-08 09:41:12.735root 11241100x8000000000000000256499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce4e24f39c70c02023-02-08 09:41:12.735root 11241100x8000000000000000256498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9849d50a99148a2023-02-08 09:41:12.735root 11241100x8000000000000000256497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b22553ca9eda42023-02-08 09:41:12.735root 11241100x8000000000000000256496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eddd7111ae75d12023-02-08 09:41:12.735root 11241100x8000000000000000256495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f119a581c875bc2023-02-08 09:41:12.735root 11241100x8000000000000000256494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7760e4e05af44a2023-02-08 09:41:12.735root 11241100x8000000000000000256514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa013289c041de302023-02-08 09:41:12.736root 11241100x8000000000000000256513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369fc3e764ef0702023-02-08 09:41:12.736root 11241100x8000000000000000256512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a771cd3cf9ad92023-02-08 09:41:12.736root 11241100x8000000000000000256511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c2f91ca63a37a2023-02-08 09:41:12.736root 11241100x8000000000000000256510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d4b9900f800bb2023-02-08 09:41:12.736root 11241100x8000000000000000256509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e328bde293ea3a802023-02-08 09:41:12.736root 11241100x8000000000000000256508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e980cf57eec9c42023-02-08 09:41:12.736root 11241100x8000000000000000256507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a0850493e04a582023-02-08 09:41:12.736root 11241100x8000000000000000256506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8b0bf9f762fbe2023-02-08 09:41:12.736root 11241100x8000000000000000256523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe8bb73ac7bd0472023-02-08 09:41:12.737root 11241100x8000000000000000256522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01d551a2c81f8f2023-02-08 09:41:12.737root 11241100x8000000000000000256521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c93c9d3e4905aa72023-02-08 09:41:12.737root 11241100x8000000000000000256520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429e5e5fce239da2023-02-08 09:41:12.737root 11241100x8000000000000000256519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b089d40bb644662023-02-08 09:41:12.737root 11241100x8000000000000000256518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7957b9de1a3bff892023-02-08 09:41:12.737root 11241100x8000000000000000256517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699a5fe6fec77972023-02-08 09:41:12.737root 11241100x8000000000000000256516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b94e73a29f21692023-02-08 09:41:12.737root 11241100x8000000000000000256515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8402d357a0b8d172023-02-08 09:41:12.737root 11241100x8000000000000000256536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dcf293a007ae112023-02-08 09:41:12.738root 11241100x8000000000000000256535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f5a18d619dd6a2023-02-08 09:41:12.738root 11241100x8000000000000000256534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde3310da5236b802023-02-08 09:41:12.738root 11241100x8000000000000000256533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addac677229baaa2023-02-08 09:41:12.738root 11241100x8000000000000000256532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9773fb8f5c0be82023-02-08 09:41:12.738root 11241100x8000000000000000256531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24619af9ca1af9cd2023-02-08 09:41:12.738root 11241100x8000000000000000256530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7ad9d7b97b8692023-02-08 09:41:12.738root 11241100x8000000000000000256529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355a8c92d78d965e2023-02-08 09:41:12.738root 11241100x8000000000000000256528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e30a6e07f129b2023-02-08 09:41:12.738root 11241100x8000000000000000256527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68dc84ed2c2e9132023-02-08 09:41:12.738root 11241100x8000000000000000256526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595a0df5c0941ee2023-02-08 09:41:12.738root 11241100x8000000000000000256525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c17cb664cb90212023-02-08 09:41:12.738root 11241100x8000000000000000256524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31ad75f748eaa32023-02-08 09:41:12.738root 11241100x8000000000000000256537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0cec9f963deef02023-02-08 09:41:12.739root 11241100x8000000000000000256542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef95c0963137d1d2023-02-08 09:41:12.740root 11241100x8000000000000000256541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab70454e52f2bd2023-02-08 09:41:12.740root 11241100x8000000000000000256540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0361575331da32023-02-08 09:41:12.740root 11241100x8000000000000000256539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e9d7a743296bfa2023-02-08 09:41:12.740root 11241100x8000000000000000256538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f0887e9c2aff542023-02-08 09:41:12.740root 11241100x8000000000000000256546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec5b5893351b4d2023-02-08 09:41:12.741root 11241100x8000000000000000256545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53edb5b5c7b32d8e2023-02-08 09:41:12.741root 11241100x8000000000000000256544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c02034c466606482023-02-08 09:41:12.741root 11241100x8000000000000000256543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b04e1848a066b2023-02-08 09:41:12.741root 354300x8000000000000000256547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.110{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45760-false10.0.1.12-8000- 11241100x8000000000000000256552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ea5b534bd306e2023-02-08 09:41:13.111root 11241100x8000000000000000256551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9b06a6cd036ef2023-02-08 09:41:13.111root 11241100x8000000000000000256550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d1d49a7a54fc12023-02-08 09:41:13.111root 11241100x8000000000000000256549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade1d58f064ccde2023-02-08 09:41:13.111root 11241100x8000000000000000256548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78bcd42ece30eb2023-02-08 09:41:13.111root 11241100x8000000000000000256563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf21d0694e05ac02023-02-08 09:41:13.112root 11241100x8000000000000000256562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f95c445cce6e4c2023-02-08 09:41:13.112root 11241100x8000000000000000256561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253ad5b7d478f0d2023-02-08 09:41:13.112root 11241100x8000000000000000256560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d467b5a112c118452023-02-08 09:41:13.112root 11241100x8000000000000000256559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57e2829492d06f2023-02-08 09:41:13.112root 11241100x8000000000000000256558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d6c2a93a42eaa2023-02-08 09:41:13.112root 11241100x8000000000000000256557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d2b6a355e84ef42023-02-08 09:41:13.112root 11241100x8000000000000000256556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa2b0b57e1549e32023-02-08 09:41:13.112root 11241100x8000000000000000256555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70489c9521d804a2023-02-08 09:41:13.112root 11241100x8000000000000000256554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b13a9a1934be82023-02-08 09:41:13.112root 11241100x8000000000000000256553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d72c54e7f73a912023-02-08 09:41:13.112root 11241100x8000000000000000256571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b3ae844879ecbf2023-02-08 09:41:13.113root 11241100x8000000000000000256570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490fac488ab04e812023-02-08 09:41:13.113root 11241100x8000000000000000256569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ba6a04e1c59692023-02-08 09:41:13.113root 11241100x8000000000000000256568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093c5c08b466a772023-02-08 09:41:13.113root 11241100x8000000000000000256567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1675e7f13b01552023-02-08 09:41:13.113root 11241100x8000000000000000256566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba5362aaf7220462023-02-08 09:41:13.113root 11241100x8000000000000000256565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472bd3d527ebb282023-02-08 09:41:13.113root 11241100x8000000000000000256564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460f19fbc757d1ba2023-02-08 09:41:13.113root 11241100x8000000000000000256574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ad2491c9aa18fa2023-02-08 09:41:13.114root 11241100x8000000000000000256573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eea1da0007eb172023-02-08 09:41:13.114root 11241100x8000000000000000256572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09908d0f0a3e7af72023-02-08 09:41:13.114root 11241100x8000000000000000256579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6567fa3c123d6542023-02-08 09:41:13.115root 11241100x8000000000000000256578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29878cfecab9b032023-02-08 09:41:13.115root 11241100x8000000000000000256577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0ce6d7a4b39db2023-02-08 09:41:13.115root 11241100x8000000000000000256576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b848349f042792023-02-08 09:41:13.115root 11241100x8000000000000000256575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce521b307f789f762023-02-08 09:41:13.115root 11241100x8000000000000000256587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc28c1f3ba9b7902023-02-08 09:41:13.116root 11241100x8000000000000000256586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e7a669a1068872023-02-08 09:41:13.116root 11241100x8000000000000000256585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e51d6cd66d13f72023-02-08 09:41:13.116root 11241100x8000000000000000256584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae99ccf5eeedba842023-02-08 09:41:13.116root 11241100x8000000000000000256583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd1bd128e60382b2023-02-08 09:41:13.116root 11241100x8000000000000000256582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705d5c3029f607a62023-02-08 09:41:13.116root 11241100x8000000000000000256581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87e5a35659872c2023-02-08 09:41:13.116root 11241100x8000000000000000256580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0f04bad6ada142023-02-08 09:41:13.116root 11241100x8000000000000000256594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956fc4a45f40a592023-02-08 09:41:13.117root 11241100x8000000000000000256593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe412973757c68672023-02-08 09:41:13.117root 11241100x8000000000000000256592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80534f06e884b3d02023-02-08 09:41:13.117root 11241100x8000000000000000256591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c7d87ebbcb2b82023-02-08 09:41:13.117root 11241100x8000000000000000256590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d6fe9bd5f33d62023-02-08 09:41:13.117root 11241100x8000000000000000256589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b1047060a9ef372023-02-08 09:41:13.117root 11241100x8000000000000000256588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f78872558c43d2023-02-08 09:41:13.117root 11241100x8000000000000000256604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83b70522eb83fe2023-02-08 09:41:13.118root 11241100x8000000000000000256603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b37e63536e4c0832023-02-08 09:41:13.118root 11241100x8000000000000000256602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d785f3a2ecc34f92023-02-08 09:41:13.118root 11241100x8000000000000000256601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0870d410ccba51fd2023-02-08 09:41:13.118root 11241100x8000000000000000256600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e2099f980157d2023-02-08 09:41:13.118root 11241100x8000000000000000256599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c3567f4cd38a612023-02-08 09:41:13.118root 11241100x8000000000000000256598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583a2594006a4a62023-02-08 09:41:13.118root 11241100x8000000000000000256597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ac6fc6d610dcf12023-02-08 09:41:13.118root 11241100x8000000000000000256596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36fd4b63f1d2ab2023-02-08 09:41:13.118root 11241100x8000000000000000256595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94688880f7e8952023-02-08 09:41:13.118root 11241100x8000000000000000256609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37dd3b192e643162023-02-08 09:41:13.119root 11241100x8000000000000000256608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f58991160b48ecd2023-02-08 09:41:13.119root 11241100x8000000000000000256607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e4e999b49e0d7d2023-02-08 09:41:13.119root 11241100x8000000000000000256606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990dcfcfb14431d82023-02-08 09:41:13.119root 11241100x8000000000000000256605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f743d57ad0503092023-02-08 09:41:13.119root 11241100x8000000000000000256615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96e227372d16f072023-02-08 09:41:13.120root 11241100x8000000000000000256614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eb29fc3542ba82023-02-08 09:41:13.120root 11241100x8000000000000000256613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56bc26cb7430d32023-02-08 09:41:13.120root 11241100x8000000000000000256612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0480c86e43de8db2023-02-08 09:41:13.120root 11241100x8000000000000000256611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07604e4349757e72023-02-08 09:41:13.120root 11241100x8000000000000000256610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c34bf5a826fe22023-02-08 09:41:13.120root 11241100x8000000000000000256617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865101d672568e4b2023-02-08 09:41:13.121root 11241100x8000000000000000256616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68111f883890aec42023-02-08 09:41:13.121root 11241100x8000000000000000256622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ab5b6cc6b861c22023-02-08 09:41:13.122root 11241100x8000000000000000256621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818756b8ca0ce952023-02-08 09:41:13.122root 11241100x8000000000000000256620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145544ece67e04662023-02-08 09:41:13.122root 11241100x8000000000000000256619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbb8d47281a45262023-02-08 09:41:13.122root 11241100x8000000000000000256618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b254fffd22362412023-02-08 09:41:13.122root 11241100x8000000000000000256626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8ff93573d61032023-02-08 09:41:13.485root 11241100x8000000000000000256625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2147b7cf700c83b2023-02-08 09:41:13.485root 11241100x8000000000000000256624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318aa1684f3666c2023-02-08 09:41:13.485root 11241100x8000000000000000256623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5463e38dc2d4892023-02-08 09:41:13.485root 11241100x8000000000000000256638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b4277fd5f1db02023-02-08 09:41:13.486root 11241100x8000000000000000256637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a91f13006a1ec42023-02-08 09:41:13.486root 11241100x8000000000000000256636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853f2b46274337672023-02-08 09:41:13.486root 11241100x8000000000000000256635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990bb04b04f1eb42023-02-08 09:41:13.486root 11241100x8000000000000000256634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063cf56b497fca142023-02-08 09:41:13.486root 11241100x8000000000000000256633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed5f8a465c9f502023-02-08 09:41:13.486root 11241100x8000000000000000256632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bacc97e7367b32023-02-08 09:41:13.486root 11241100x8000000000000000256631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e8ea8f2f146c42023-02-08 09:41:13.486root 11241100x8000000000000000256630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56a41bb2db6a012023-02-08 09:41:13.486root 11241100x8000000000000000256629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42114290095ce88a2023-02-08 09:41:13.486root 11241100x8000000000000000256628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62bfebc8d88f4072023-02-08 09:41:13.486root 11241100x8000000000000000256627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c7999f650877c82023-02-08 09:41:13.486root 11241100x8000000000000000256640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32727c9dab2812023-02-08 09:41:13.487root 11241100x8000000000000000256639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdd0299b921a2ba2023-02-08 09:41:13.487root 11241100x8000000000000000256649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a2916d2a2633e72023-02-08 09:41:13.488root 11241100x8000000000000000256648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa0182f62fbfc52023-02-08 09:41:13.488root 11241100x8000000000000000256647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d1843ea2b3ca02023-02-08 09:41:13.488root 11241100x8000000000000000256646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ea7c8cd7fb5eeb2023-02-08 09:41:13.488root 11241100x8000000000000000256645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1b6787880c4ec2023-02-08 09:41:13.488root 11241100x8000000000000000256644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772beafc4c8296d22023-02-08 09:41:13.488root 11241100x8000000000000000256643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ffe0ac360ece02023-02-08 09:41:13.488root 11241100x8000000000000000256642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05094f1f171d16aa2023-02-08 09:41:13.488root 11241100x8000000000000000256641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0e19c24c21b5b2023-02-08 09:41:13.488root 11241100x8000000000000000256652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672794cc4e62c792023-02-08 09:41:13.489root 11241100x8000000000000000256651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088dba22bc2433072023-02-08 09:41:13.489root 11241100x8000000000000000256650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e061289019f01f802023-02-08 09:41:13.489root 11241100x8000000000000000256659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978326ff4c93ed542023-02-08 09:41:13.496root 11241100x8000000000000000256658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23485a47fce4f22023-02-08 09:41:13.496root 11241100x8000000000000000256657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f464fb93ceb5e172023-02-08 09:41:13.496root 11241100x8000000000000000256656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780285a2deb9834d2023-02-08 09:41:13.496root 11241100x8000000000000000256655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaecceec195b9d12023-02-08 09:41:13.496root 11241100x8000000000000000256654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61978aa8a99015b82023-02-08 09:41:13.496root 11241100x8000000000000000256653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6b03f5ec850092023-02-08 09:41:13.496root 11241100x8000000000000000256667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c4a7b90778df52023-02-08 09:41:13.497root 11241100x8000000000000000256666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885ff83717da4332023-02-08 09:41:13.497root 11241100x8000000000000000256665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f026dcf29fb2a3aa2023-02-08 09:41:13.497root 11241100x8000000000000000256664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c29ef8eb78057d2023-02-08 09:41:13.497root 11241100x8000000000000000256663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c35462fc44cb22023-02-08 09:41:13.497root 11241100x8000000000000000256662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9989113bd21051e2023-02-08 09:41:13.497root 11241100x8000000000000000256661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32437ad162bbc03b2023-02-08 09:41:13.497root 11241100x8000000000000000256660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d7c8e4b80a87c2023-02-08 09:41:13.497root 11241100x8000000000000000256677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1943745523c9e422023-02-08 09:41:13.985root 11241100x8000000000000000256676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200be8c0e91bd3342023-02-08 09:41:13.985root 11241100x8000000000000000256675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52440fea57ae50192023-02-08 09:41:13.985root 11241100x8000000000000000256674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d87519b80453fe2023-02-08 09:41:13.985root 11241100x8000000000000000256673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f9f9d6919de842023-02-08 09:41:13.985root 11241100x8000000000000000256672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0ccfbd451f8162023-02-08 09:41:13.985root 11241100x8000000000000000256671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd9db4917d145f2023-02-08 09:41:13.985root 11241100x8000000000000000256670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d522e03ada477492023-02-08 09:41:13.985root 11241100x8000000000000000256669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2353bcc8abb4cbd2023-02-08 09:41:13.985root 11241100x8000000000000000256668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd758442d7f5eec82023-02-08 09:41:13.985root 11241100x8000000000000000256686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929cea2c33015c02023-02-08 09:41:13.986root 11241100x8000000000000000256685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc345009a4e3a1822023-02-08 09:41:13.986root 11241100x8000000000000000256684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751a5e59023730b2023-02-08 09:41:13.986root 11241100x8000000000000000256683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d48f8b0c3cc9b52023-02-08 09:41:13.986root 11241100x8000000000000000256682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436bb4be20f8f4a2023-02-08 09:41:13.986root 11241100x8000000000000000256681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a607fa5dd328132023-02-08 09:41:13.986root 11241100x8000000000000000256680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca8822906476652023-02-08 09:41:13.986root 11241100x8000000000000000256679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee959355050b2cdb2023-02-08 09:41:13.986root 11241100x8000000000000000256678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c93c3f27c7bb4802023-02-08 09:41:13.986root 11241100x8000000000000000256696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d298b571ee7850c22023-02-08 09:41:13.987root 11241100x8000000000000000256695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198e964245497d22023-02-08 09:41:13.987root 11241100x8000000000000000256694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d8c9a84a842d42023-02-08 09:41:13.987root 11241100x8000000000000000256693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3885b2329044cf2023-02-08 09:41:13.987root 11241100x8000000000000000256692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf0d347ffd24122023-02-08 09:41:13.987root 11241100x8000000000000000256691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b093eff3dea9ad2023-02-08 09:41:13.987root 11241100x8000000000000000256690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5af7747fff0f3e2023-02-08 09:41:13.987root 11241100x8000000000000000256689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f589da7acf190212023-02-08 09:41:13.987root 11241100x8000000000000000256688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88aa8311bff3612023-02-08 09:41:13.987root 11241100x8000000000000000256687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881bd3e0df195d742023-02-08 09:41:13.987root 11241100x8000000000000000256706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75502ffc7d4e67da2023-02-08 09:41:13.988root 11241100x8000000000000000256705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828bb91d405127b22023-02-08 09:41:13.988root 11241100x8000000000000000256704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b004d2c1865ac312023-02-08 09:41:13.988root 11241100x8000000000000000256703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398dffc254ad5f802023-02-08 09:41:13.988root 11241100x8000000000000000256702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcbe7b39cdec97c2023-02-08 09:41:13.988root 11241100x8000000000000000256701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab26f5000b3865c2023-02-08 09:41:13.988root 11241100x8000000000000000256700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c01a949453b7aa2023-02-08 09:41:13.988root 11241100x8000000000000000256699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845a220c3007d632023-02-08 09:41:13.988root 11241100x8000000000000000256698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89cdb49baad1732023-02-08 09:41:13.988root 11241100x8000000000000000256697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2f416660682382023-02-08 09:41:13.988root 11241100x8000000000000000256710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2643495dc691ccb2023-02-08 09:41:13.989root 11241100x8000000000000000256709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad484504e687ca422023-02-08 09:41:13.989root 11241100x8000000000000000256708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d58b9fb0d021ca2023-02-08 09:41:13.989root 11241100x8000000000000000256707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053394c4a87b5a42023-02-08 09:41:13.989root 11241100x8000000000000000256713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa7faf60df1f6a2023-02-08 09:41:13.990root 11241100x8000000000000000256712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117cc95cc00d9fb2023-02-08 09:41:13.990root 11241100x8000000000000000256711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b08648ceb54682023-02-08 09:41:13.990root 11241100x8000000000000000256720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b373012ef0120b02023-02-08 09:41:14.484root 11241100x8000000000000000256719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d011fcc31c0aa412023-02-08 09:41:14.484root 11241100x8000000000000000256718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59b96d59fb30992023-02-08 09:41:14.484root 11241100x8000000000000000256717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08e1ef50e922262023-02-08 09:41:14.484root 11241100x8000000000000000256716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a59f187992e7a422023-02-08 09:41:14.484root 11241100x8000000000000000256715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8339090248550b0e2023-02-08 09:41:14.484root 11241100x8000000000000000256714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc8aa69f47d0ba2023-02-08 09:41:14.484root 11241100x8000000000000000256728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb912f4ef9947bb2023-02-08 09:41:14.485root 11241100x8000000000000000256727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507b1341a50a3a02023-02-08 09:41:14.485root 11241100x8000000000000000256726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed034b1151da972023-02-08 09:41:14.485root 11241100x8000000000000000256725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c03dada5a8d982023-02-08 09:41:14.485root 11241100x8000000000000000256724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6613eeef1d4288f12023-02-08 09:41:14.485root 11241100x8000000000000000256723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c65586047eadf2023-02-08 09:41:14.485root 11241100x8000000000000000256722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02db88e678f126a2023-02-08 09:41:14.485root 11241100x8000000000000000256721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3b39fcdf07cc902023-02-08 09:41:14.485root 11241100x8000000000000000256737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0268ae5b9ed3d4d52023-02-08 09:41:14.486root 11241100x8000000000000000256736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912996632af2cbc2023-02-08 09:41:14.486root 11241100x8000000000000000256735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c87188f665f1ad2023-02-08 09:41:14.486root 11241100x8000000000000000256734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec74a58467bc07f2023-02-08 09:41:14.486root 11241100x8000000000000000256733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5274d11e4cb282023-02-08 09:41:14.486root 11241100x8000000000000000256732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bc99844d8be952023-02-08 09:41:14.486root 11241100x8000000000000000256731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd0269aee469752023-02-08 09:41:14.486root 11241100x8000000000000000256730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786b7139d7c2b072023-02-08 09:41:14.486root 11241100x8000000000000000256729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f2de63b5ad9752023-02-08 09:41:14.486root 11241100x8000000000000000256747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84afccfdbcdd4fef2023-02-08 09:41:14.487root 11241100x8000000000000000256746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcfca03e91bc8492023-02-08 09:41:14.487root 11241100x8000000000000000256745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799372bbc1216b3b2023-02-08 09:41:14.487root 11241100x8000000000000000256744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8729aeaecceae7b2023-02-08 09:41:14.487root 11241100x8000000000000000256743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7139d47c7000b2023-02-08 09:41:14.487root 11241100x8000000000000000256742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627f96e76d74f502023-02-08 09:41:14.487root 11241100x8000000000000000256741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfe217a5e66bad52023-02-08 09:41:14.487root 11241100x8000000000000000256740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33705f1c355633d82023-02-08 09:41:14.487root 11241100x8000000000000000256739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b661632c58b81b52023-02-08 09:41:14.487root 11241100x8000000000000000256738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b441b46c48dc2702023-02-08 09:41:14.487root 11241100x8000000000000000256759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0a5e6ac913c2d2023-02-08 09:41:14.488root 11241100x8000000000000000256758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a85c7fa39469d02023-02-08 09:41:14.488root 11241100x8000000000000000256757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc82ef9c0beccb22023-02-08 09:41:14.488root 11241100x8000000000000000256756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25198f281b3143bd2023-02-08 09:41:14.488root 11241100x8000000000000000256755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae49cb196eb3a4f2023-02-08 09:41:14.488root 11241100x8000000000000000256754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e78ab938096feaa2023-02-08 09:41:14.488root 11241100x8000000000000000256753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243a53f2d2f9672d2023-02-08 09:41:14.488root 11241100x8000000000000000256752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc599f19a3e49b742023-02-08 09:41:14.488root 11241100x8000000000000000256751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb8157cf701331d2023-02-08 09:41:14.488root 11241100x8000000000000000256750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1811f6d9d99422982023-02-08 09:41:14.488root 11241100x8000000000000000256749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a9825bea1bfcb2023-02-08 09:41:14.488root 11241100x8000000000000000256748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03647db8bebfb4f92023-02-08 09:41:14.488root 11241100x8000000000000000256766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fe31df5650f9352023-02-08 09:41:14.489root 11241100x8000000000000000256765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74dc49bf11e3912023-02-08 09:41:14.489root 11241100x8000000000000000256764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cae7f663c28c472023-02-08 09:41:14.489root 11241100x8000000000000000256763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b681c32db8f162023-02-08 09:41:14.489root 11241100x8000000000000000256762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679403530631913b2023-02-08 09:41:14.489root 11241100x8000000000000000256761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59776dfe5b35cc8a2023-02-08 09:41:14.489root 11241100x8000000000000000256760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099f70b1425b6242023-02-08 09:41:14.489root 11241100x8000000000000000256774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541196e41f09d8c72023-02-08 09:41:14.984root 11241100x8000000000000000256773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff16433f4f187802023-02-08 09:41:14.984root 11241100x8000000000000000256772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90a2a3d2b4c2a22023-02-08 09:41:14.984root 11241100x8000000000000000256771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4940cc18915eb2023-02-08 09:41:14.984root 11241100x8000000000000000256770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d75ee489c9e262023-02-08 09:41:14.984root 11241100x8000000000000000256769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f6cdcf6d388e12023-02-08 09:41:14.984root 11241100x8000000000000000256768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460db22c2f4296a2023-02-08 09:41:14.984root 11241100x8000000000000000256767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c5dc4fcf656452023-02-08 09:41:14.984root 11241100x8000000000000000256784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2df6e45e8dc7202023-02-08 09:41:14.985root 11241100x8000000000000000256783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdceaf1c330094a62023-02-08 09:41:14.985root 11241100x8000000000000000256782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e47790f4a1604a2023-02-08 09:41:14.985root 11241100x8000000000000000256781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6354aac6dd857f42023-02-08 09:41:14.985root 11241100x8000000000000000256780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8d0d17b9ee7d952023-02-08 09:41:14.985root 11241100x8000000000000000256779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7b5524ef2a7c22023-02-08 09:41:14.985root 11241100x8000000000000000256778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a7d463892af55c2023-02-08 09:41:14.985root 11241100x8000000000000000256777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e499ec2795883b092023-02-08 09:41:14.985root 11241100x8000000000000000256776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a56e529c2277d2023-02-08 09:41:14.985root 11241100x8000000000000000256775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df98e369ddb21e2023-02-08 09:41:14.985root 11241100x8000000000000000256795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540d2768ff1090b2023-02-08 09:41:14.986root 11241100x8000000000000000256794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea3218f53007452023-02-08 09:41:14.986root 11241100x8000000000000000256793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0c60556e204d22023-02-08 09:41:14.986root 11241100x8000000000000000256792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d9f59a3648e6d2023-02-08 09:41:14.986root 11241100x8000000000000000256791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157cf9e732b02f172023-02-08 09:41:14.986root 11241100x8000000000000000256790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305fbfe75e46484e2023-02-08 09:41:14.986root 11241100x8000000000000000256789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357048366171c2e2023-02-08 09:41:14.986root 11241100x8000000000000000256788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62102b1a98658f942023-02-08 09:41:14.986root 11241100x8000000000000000256787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefb4a6ebb7b48f2023-02-08 09:41:14.986root 11241100x8000000000000000256786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f2c57a9147bd12023-02-08 09:41:14.986root 11241100x8000000000000000256785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321942242d4ad7b2023-02-08 09:41:14.986root 11241100x8000000000000000256804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de5741fac76e302023-02-08 09:41:14.987root 11241100x8000000000000000256803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daa0a571d8ddccd2023-02-08 09:41:14.987root 11241100x8000000000000000256802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb367aae46f3d902023-02-08 09:41:14.987root 11241100x8000000000000000256801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc39907b1365ce72023-02-08 09:41:14.987root 11241100x8000000000000000256800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3a97a5b2137de42023-02-08 09:41:14.987root 11241100x8000000000000000256799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b6904a0fd93ef2023-02-08 09:41:14.987root 11241100x8000000000000000256798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44f571f2f541d6c2023-02-08 09:41:14.987root 11241100x8000000000000000256797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504c3756bcf878c42023-02-08 09:41:14.987root 11241100x8000000000000000256796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6972b14a620702023-02-08 09:41:14.987root 11241100x8000000000000000256814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6928c4f1dcbb4df2023-02-08 09:41:14.988root 11241100x8000000000000000256813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e210c5d0e84572023-02-08 09:41:14.988root 11241100x8000000000000000256812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db74094bb4cfbb2023-02-08 09:41:14.988root 11241100x8000000000000000256811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998110ea05465e7d2023-02-08 09:41:14.988root 11241100x8000000000000000256810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085152755f6d4ab92023-02-08 09:41:14.988root 11241100x8000000000000000256809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb17846fae500932023-02-08 09:41:14.988root 11241100x8000000000000000256808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c148fa1da535322023-02-08 09:41:14.988root 11241100x8000000000000000256807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1018265102ada0d2023-02-08 09:41:14.988root 11241100x8000000000000000256806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787692ce4c990f0d2023-02-08 09:41:14.988root 11241100x8000000000000000256805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc207a26800fa12023-02-08 09:41:14.988root 11241100x8000000000000000256818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5512b1b6475802023-02-08 09:41:14.989root 11241100x8000000000000000256817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8e8d8e0898e95d2023-02-08 09:41:14.989root 11241100x8000000000000000256816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e0d51a2121c9f2023-02-08 09:41:14.989root 11241100x8000000000000000256815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d905dc52d629672023-02-08 09:41:14.989root 11241100x8000000000000000256825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651731ce3ca8d1f02023-02-08 09:41:15.484root 11241100x8000000000000000256824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dac9bb78a6c4af2023-02-08 09:41:15.484root 11241100x8000000000000000256823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183032413bdd93702023-02-08 09:41:15.484root 11241100x8000000000000000256822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d4c4794f2e78a2023-02-08 09:41:15.484root 11241100x8000000000000000256821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ccde65b454cfe2023-02-08 09:41:15.484root 11241100x8000000000000000256820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad80d9cbb1414fbc2023-02-08 09:41:15.484root 11241100x8000000000000000256819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5a8149857cc2242023-02-08 09:41:15.484root 11241100x8000000000000000256832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9307def9d186ac3b2023-02-08 09:41:15.485root 11241100x8000000000000000256831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5c52573eca8dd2023-02-08 09:41:15.485root 11241100x8000000000000000256830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d93af56d4c3702023-02-08 09:41:15.485root 11241100x8000000000000000256829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93a8f87e9d158982023-02-08 09:41:15.485root 11241100x8000000000000000256828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6134465dae8842023-02-08 09:41:15.485root 11241100x8000000000000000256827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d89c09a990fed32023-02-08 09:41:15.485root 11241100x8000000000000000256826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6a447c5d39ac62023-02-08 09:41:15.485root 11241100x8000000000000000256841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f37213dae1fc12023-02-08 09:41:15.486root 11241100x8000000000000000256840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290d831d949a9b32023-02-08 09:41:15.486root 11241100x8000000000000000256839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a83e23b6cd44272023-02-08 09:41:15.486root 11241100x8000000000000000256838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f117af963771f42023-02-08 09:41:15.486root 11241100x8000000000000000256837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fedfb815a165262023-02-08 09:41:15.486root 11241100x8000000000000000256836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02830b6b6603232023-02-08 09:41:15.486root 11241100x8000000000000000256835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28471c69460a57712023-02-08 09:41:15.486root 11241100x8000000000000000256834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656d5567af372f222023-02-08 09:41:15.486root 11241100x8000000000000000256833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d90356615e6e38c2023-02-08 09:41:15.486root 11241100x8000000000000000256849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d22a52f0472c62023-02-08 09:41:15.487root 11241100x8000000000000000256848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31cddf467cfa902023-02-08 09:41:15.487root 11241100x8000000000000000256847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df837d937df2ba372023-02-08 09:41:15.487root 11241100x8000000000000000256846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c953dba743fd312023-02-08 09:41:15.487root 11241100x8000000000000000256845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dedf6f16f7a93422023-02-08 09:41:15.487root 11241100x8000000000000000256844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278728b79c5d9d32023-02-08 09:41:15.487root 11241100x8000000000000000256843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeef354447a70e82023-02-08 09:41:15.487root 11241100x8000000000000000256842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf77c699a5950e2023-02-08 09:41:15.487root 11241100x8000000000000000256855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7209174dc339b4bc2023-02-08 09:41:15.488root 11241100x8000000000000000256854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a422fcac13b528c2023-02-08 09:41:15.488root 11241100x8000000000000000256853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94d22901609ba622023-02-08 09:41:15.488root 11241100x8000000000000000256852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25569d43f70da2892023-02-08 09:41:15.488root 11241100x8000000000000000256851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d51a7f948d53a12023-02-08 09:41:15.488root 11241100x8000000000000000256850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e5d3a8bb8bffa92023-02-08 09:41:15.488root 11241100x8000000000000000256863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2d5cb8d2c76c82023-02-08 09:41:15.489root 11241100x8000000000000000256862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eeac2ef6a427e52023-02-08 09:41:15.489root 11241100x8000000000000000256861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebfe319ac53e7a52023-02-08 09:41:15.489root 11241100x8000000000000000256860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bf9716ebc5d8b2023-02-08 09:41:15.489root 11241100x8000000000000000256859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a771b9cc4e670eb12023-02-08 09:41:15.489root 11241100x8000000000000000256858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c68559898bf6822023-02-08 09:41:15.489root 11241100x8000000000000000256857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a348450d6e32eaf22023-02-08 09:41:15.489root 11241100x8000000000000000256856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6029551ef2b852023-02-08 09:41:15.489root 11241100x8000000000000000256872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288793ecc4468cfc2023-02-08 09:41:15.490root 11241100x8000000000000000256871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983da354d172cef12023-02-08 09:41:15.490root 11241100x8000000000000000256870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47279d09a6ce60da2023-02-08 09:41:15.490root 11241100x8000000000000000256869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc71ea9de259d1062023-02-08 09:41:15.490root 11241100x8000000000000000256868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b224eec5b13c02023-02-08 09:41:15.490root 11241100x8000000000000000256867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea067c59907933e2023-02-08 09:41:15.490root 11241100x8000000000000000256866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e46741d5b011d22023-02-08 09:41:15.490root 11241100x8000000000000000256865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c05f40c6763a22023-02-08 09:41:15.490root 11241100x8000000000000000256864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ef69e9cb847ad82023-02-08 09:41:15.490root 11241100x8000000000000000256879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f030b7c5c61da442023-02-08 09:41:15.491root 11241100x8000000000000000256878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ed36a6248da4e2023-02-08 09:41:15.491root 11241100x8000000000000000256877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997c8cbb025de9502023-02-08 09:41:15.491root 11241100x8000000000000000256876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6956eb1da6995fe92023-02-08 09:41:15.491root 11241100x8000000000000000256875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f439483225f5a72023-02-08 09:41:15.491root 11241100x8000000000000000256874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d773dfcd065f64dd2023-02-08 09:41:15.491root 11241100x8000000000000000256873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae7813a78b721822023-02-08 09:41:15.491root 11241100x8000000000000000256882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c31a0730825ed2023-02-08 09:41:15.492root 11241100x8000000000000000256881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c13537a66477b632023-02-08 09:41:15.492root 11241100x8000000000000000256880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefbd38ad7ebd89e2023-02-08 09:41:15.492root 11241100x8000000000000000256888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105ab4eeb83d46d2023-02-08 09:41:15.984root 11241100x8000000000000000256887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180afaf33c2e60622023-02-08 09:41:15.984root 11241100x8000000000000000256886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152cd06d48b07cb92023-02-08 09:41:15.984root 11241100x8000000000000000256885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0314ebdd26ca162023-02-08 09:41:15.984root 11241100x8000000000000000256884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4943f39d4ceb28c2023-02-08 09:41:15.984root 11241100x8000000000000000256883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6666ac943cd14b2023-02-08 09:41:15.984root 11241100x8000000000000000256896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f547356f6a8062023-02-08 09:41:15.985root 11241100x8000000000000000256895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37c20b30952ea22023-02-08 09:41:15.985root 11241100x8000000000000000256894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3abc14da6e6c0842023-02-08 09:41:15.985root 11241100x8000000000000000256893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e12cd1318d0937d2023-02-08 09:41:15.985root 11241100x8000000000000000256892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f42149e98dbd592023-02-08 09:41:15.985root 11241100x8000000000000000256891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93863825e2f379fd2023-02-08 09:41:15.985root 11241100x8000000000000000256890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7fdd454d04f9ea2023-02-08 09:41:15.985root 11241100x8000000000000000256889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c414219ce1035e82023-02-08 09:41:15.985root 11241100x8000000000000000256906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e298587330dc72023-02-08 09:41:15.986root 11241100x8000000000000000256905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506ccf2669a0ef902023-02-08 09:41:15.986root 11241100x8000000000000000256904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f71168a5415042023-02-08 09:41:15.986root 11241100x8000000000000000256903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17904fc4c0f47dba2023-02-08 09:41:15.986root 11241100x8000000000000000256902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffafc1713bd558662023-02-08 09:41:15.986root 11241100x8000000000000000256901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdf7142402589272023-02-08 09:41:15.986root 11241100x8000000000000000256900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8373ce36603084d12023-02-08 09:41:15.986root 11241100x8000000000000000256899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0abb5c09e6ca42023-02-08 09:41:15.986root 11241100x8000000000000000256898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2808158609e5572023-02-08 09:41:15.986root 11241100x8000000000000000256897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c541cf53d9cbbe2023-02-08 09:41:15.986root 11241100x8000000000000000256909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd341b3e1422972023-02-08 09:41:15.987root 11241100x8000000000000000256908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6f06ef31046c972023-02-08 09:41:15.987root 11241100x8000000000000000256907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cbb0e062b88a642023-02-08 09:41:15.987root 11241100x8000000000000000256918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7c4c173c8bf54f2023-02-08 09:41:15.989root 11241100x8000000000000000256917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105bbb1f9811d3e12023-02-08 09:41:15.989root 11241100x8000000000000000256916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06746334f11b83ac2023-02-08 09:41:15.989root 11241100x8000000000000000256915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268d582f7bbdbd102023-02-08 09:41:15.989root 11241100x8000000000000000256914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c193f9c2ec04f9f82023-02-08 09:41:15.989root 11241100x8000000000000000256913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f2e0d0dbc6711f2023-02-08 09:41:15.989root 11241100x8000000000000000256912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac583fdf3268ac222023-02-08 09:41:15.989root 11241100x8000000000000000256911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6413fee9a5ff7cb32023-02-08 09:41:15.989root 11241100x8000000000000000256910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc9202b202e5bf2023-02-08 09:41:15.989root 11241100x8000000000000000256932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7886034171309b32023-02-08 09:41:15.990root 11241100x8000000000000000256931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d3829018e1dcb2023-02-08 09:41:15.990root 11241100x8000000000000000256930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec27610528695682023-02-08 09:41:15.990root 11241100x8000000000000000256929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709b1cf642f69d642023-02-08 09:41:15.990root 11241100x8000000000000000256928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c087694e86ff612023-02-08 09:41:15.990root 11241100x8000000000000000256927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84050304f7779fd42023-02-08 09:41:15.990root 11241100x8000000000000000256926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b29879ad1da31d2023-02-08 09:41:15.990root 11241100x8000000000000000256925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ebd86d451fcae2023-02-08 09:41:15.990root 11241100x8000000000000000256924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e2edcd158abf7e2023-02-08 09:41:15.990root 11241100x8000000000000000256923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9fd856fc2632f2023-02-08 09:41:15.990root 11241100x8000000000000000256922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d971d72949bd8c2d2023-02-08 09:41:15.990root 11241100x8000000000000000256921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57a5da0fcf0b932023-02-08 09:41:15.990root 11241100x8000000000000000256920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fb87ae078e23532023-02-08 09:41:15.990root 11241100x8000000000000000256919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671255922e1f7aca2023-02-08 09:41:15.990root 11241100x8000000000000000256935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d74f6d408e33a2023-02-08 09:41:15.992root 11241100x8000000000000000256934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d854f69b944d572023-02-08 09:41:15.992root 11241100x8000000000000000256933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6815369b9e01edd2023-02-08 09:41:15.992root 11241100x8000000000000000256942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dbb95d58be93e2023-02-08 09:41:15.993root 11241100x8000000000000000256941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759c51c160098642023-02-08 09:41:15.993root 11241100x8000000000000000256940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9cbc6258bc5c62023-02-08 09:41:15.993root 11241100x8000000000000000256939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df79a221548e8e2023-02-08 09:41:15.993root 11241100x8000000000000000256938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783e77d5f535bf92023-02-08 09:41:15.993root 11241100x8000000000000000256937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0df88a5fc5dfa2023-02-08 09:41:15.993root 11241100x8000000000000000256936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56076b067c731c052023-02-08 09:41:15.993root 11241100x8000000000000000256946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ca24a8965bf6102023-02-08 09:41:15.994root 11241100x8000000000000000256945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540eff3ab41c275b2023-02-08 09:41:15.994root 11241100x8000000000000000256944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f0a626db4b9b12023-02-08 09:41:15.994root 11241100x8000000000000000256943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0add72c63701662023-02-08 09:41:15.994root 11241100x8000000000000000256947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0351ea8398a2692023-02-08 09:41:15.998root 11241100x8000000000000000256948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0a4c04308614782023-02-08 09:41:15.999root 11241100x8000000000000000256949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ab9401d149a6d2023-02-08 09:41:16.000root 11241100x8000000000000000256952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d0f463a7fa4432023-02-08 09:41:16.001root 11241100x8000000000000000256951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab07b67a19df2f2023-02-08 09:41:16.001root 11241100x8000000000000000256950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa629d6082daac102023-02-08 09:41:16.001root 11241100x8000000000000000256953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4b3e2643e4b88a2023-02-08 09:41:16.002root 11241100x8000000000000000256954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adf823ac587d842023-02-08 09:41:16.003root 11241100x8000000000000000256955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae837e9fbc2ec42023-02-08 09:41:16.484root 11241100x8000000000000000256963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d301dac02c795b2023-02-08 09:41:16.485root 11241100x8000000000000000256962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa88cfbb118e77002023-02-08 09:41:16.485root 11241100x8000000000000000256961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30de5fe05ab1cf2023-02-08 09:41:16.485root 11241100x8000000000000000256960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dcc7339789a0b42023-02-08 09:41:16.485root 11241100x8000000000000000256959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf814d9166d2edf2023-02-08 09:41:16.485root 11241100x8000000000000000256958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cc9a4f33a39722023-02-08 09:41:16.485root 11241100x8000000000000000256957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0208f22a19e45152023-02-08 09:41:16.485root 11241100x8000000000000000256956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd237d39b2e4f73b2023-02-08 09:41:16.485root 11241100x8000000000000000256970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07547bd6f5e76e792023-02-08 09:41:16.486root 11241100x8000000000000000256969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d96179570d3da52023-02-08 09:41:16.486root 11241100x8000000000000000256968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1affc3999096b982023-02-08 09:41:16.486root 11241100x8000000000000000256967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863bcfdd981eb3862023-02-08 09:41:16.486root 11241100x8000000000000000256966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f363e6206056982023-02-08 09:41:16.486root 11241100x8000000000000000256965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5b09500665c7a2023-02-08 09:41:16.486root 11241100x8000000000000000256964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b767ae9866f242023-02-08 09:41:16.486root 11241100x8000000000000000256980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f1314b195e54c2023-02-08 09:41:16.487root 11241100x8000000000000000256979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e58a440a6b6c6392023-02-08 09:41:16.487root 11241100x8000000000000000256978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610f5f3ca0fe9c82023-02-08 09:41:16.487root 11241100x8000000000000000256977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba821b0a209ef0302023-02-08 09:41:16.487root 11241100x8000000000000000256976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b303632a8a7d562023-02-08 09:41:16.487root 11241100x8000000000000000256975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e8cb64d979bd32023-02-08 09:41:16.487root 11241100x8000000000000000256974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b148a94a4789b02023-02-08 09:41:16.487root 11241100x8000000000000000256973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9fae947adeb592023-02-08 09:41:16.487root 11241100x8000000000000000256972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7872383911911c2023-02-08 09:41:16.487root 11241100x8000000000000000256971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6c369d563878e2023-02-08 09:41:16.487root 11241100x8000000000000000256990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6df835da56b902023-02-08 09:41:16.488root 11241100x8000000000000000256989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c172531fefade72023-02-08 09:41:16.488root 11241100x8000000000000000256988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5b62157203ccb2023-02-08 09:41:16.488root 11241100x8000000000000000256987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc033cf8fc3591f2023-02-08 09:41:16.488root 11241100x8000000000000000256986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fd5f48ebda1b6c2023-02-08 09:41:16.488root 11241100x8000000000000000256985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bad53057f42292023-02-08 09:41:16.488root 11241100x8000000000000000256984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599af15d101363072023-02-08 09:41:16.488root 11241100x8000000000000000256983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83cc979f7e00392023-02-08 09:41:16.488root 11241100x8000000000000000256982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54219767feae3c822023-02-08 09:41:16.488root 11241100x8000000000000000256981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122c6f98d0f659b2023-02-08 09:41:16.488root 11241100x8000000000000000256999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5be85c99a45afd02023-02-08 09:41:16.489root 11241100x8000000000000000256998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532e00c0a445f062023-02-08 09:41:16.489root 11241100x8000000000000000256997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aab25e39aeb6ed2023-02-08 09:41:16.489root 11241100x8000000000000000256996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000bde626948fb4d2023-02-08 09:41:16.489root 11241100x8000000000000000256995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ec360f0ff5aea2023-02-08 09:41:16.489root 11241100x8000000000000000256994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0c4fcf102414e2023-02-08 09:41:16.489root 11241100x8000000000000000256993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd6a5be4d18d512023-02-08 09:41:16.489root 11241100x8000000000000000256992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3927985bc568e502023-02-08 09:41:16.489root 11241100x8000000000000000256991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a945bbf31edc0e42023-02-08 09:41:16.489root 11241100x8000000000000000257000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b46869bfb7b052023-02-08 09:41:16.490root 11241100x8000000000000000257006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a045cdc624b352023-02-08 09:41:16.984root 11241100x8000000000000000257005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9a414f6c6780d2023-02-08 09:41:16.984root 11241100x8000000000000000257004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423ea162b1a2ce32023-02-08 09:41:16.984root 11241100x8000000000000000257003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dce2b37de498362023-02-08 09:41:16.984root 11241100x8000000000000000257002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dc5aa0215abe222023-02-08 09:41:16.984root 11241100x8000000000000000257001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a4e18ad011c82d2023-02-08 09:41:16.984root 11241100x8000000000000000257013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e51e680ad80952023-02-08 09:41:16.985root 11241100x8000000000000000257012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018de15cfc840c932023-02-08 09:41:16.985root 11241100x8000000000000000257011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6fb0b7c3a2249d2023-02-08 09:41:16.985root 11241100x8000000000000000257010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35149410208ddeef2023-02-08 09:41:16.985root 11241100x8000000000000000257009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b39a12088813442023-02-08 09:41:16.985root 11241100x8000000000000000257008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf435d8c17aad0732023-02-08 09:41:16.985root 11241100x8000000000000000257007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8988bedc139d4442023-02-08 09:41:16.985root 11241100x8000000000000000257025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95f2d4a0582c2a2023-02-08 09:41:16.986root 11241100x8000000000000000257024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdefa1b15a0b0fb2023-02-08 09:41:16.986root 11241100x8000000000000000257023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6083ee2fe3bfe4b12023-02-08 09:41:16.986root 11241100x8000000000000000257022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c086b8f865d37d632023-02-08 09:41:16.986root 11241100x8000000000000000257021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7ea88f8a4d4b12023-02-08 09:41:16.986root 11241100x8000000000000000257020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dab08b5383bb3da2023-02-08 09:41:16.986root 11241100x8000000000000000257019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd65dea57241312023-02-08 09:41:16.986root 11241100x8000000000000000257018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67241b0c451cb32e2023-02-08 09:41:16.986root 11241100x8000000000000000257017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4987689bd9053bc2023-02-08 09:41:16.986root 11241100x8000000000000000257016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d54a01487125c2023-02-08 09:41:16.986root 11241100x8000000000000000257015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9980acef918bc52023-02-08 09:41:16.986root 11241100x8000000000000000257014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011a8032aca4d9d2023-02-08 09:41:16.986root 11241100x8000000000000000257038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b53b4617a6d12a2023-02-08 09:41:16.987root 11241100x8000000000000000257037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a89f35f37f3b342023-02-08 09:41:16.987root 11241100x8000000000000000257036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fbbcaf4962cce62023-02-08 09:41:16.987root 11241100x8000000000000000257035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468f1f92dcd38932023-02-08 09:41:16.987root 11241100x8000000000000000257034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7916470d4439132023-02-08 09:41:16.987root 11241100x8000000000000000257033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1541ddf02f069812023-02-08 09:41:16.987root 11241100x8000000000000000257032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11317788904c89342023-02-08 09:41:16.987root 11241100x8000000000000000257031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10cd30ed9943662023-02-08 09:41:16.987root 11241100x8000000000000000257030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded0e481a4926b22023-02-08 09:41:16.987root 11241100x8000000000000000257029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f641132f774b922023-02-08 09:41:16.987root 11241100x8000000000000000257028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4e0d9e95be9a42023-02-08 09:41:16.987root 11241100x8000000000000000257027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1a40b054e6fc922023-02-08 09:41:16.987root 11241100x8000000000000000257026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e4600303cbc8c2023-02-08 09:41:16.987root 11241100x8000000000000000257051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdf1028ad1c1d592023-02-08 09:41:16.988root 11241100x8000000000000000257050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89198122b00a772023-02-08 09:41:16.988root 11241100x8000000000000000257049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867dd360c7228cb2023-02-08 09:41:16.988root 11241100x8000000000000000257048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50354ddbff083a2023-02-08 09:41:16.988root 11241100x8000000000000000257047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bd8cd9eb57aa72023-02-08 09:41:16.988root 11241100x8000000000000000257046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd312228580f07c2023-02-08 09:41:16.988root 11241100x8000000000000000257045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c2cb3c9bf370462023-02-08 09:41:16.988root 11241100x8000000000000000257044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c15d54f68bc72e12023-02-08 09:41:16.988root 11241100x8000000000000000257043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b57aae020e70afb2023-02-08 09:41:16.988root 11241100x8000000000000000257042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9979a2839d2e9f2023-02-08 09:41:16.988root 11241100x8000000000000000257041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7824f496fa8025e2023-02-08 09:41:16.988root 11241100x8000000000000000257040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07625750f1b6f32023-02-08 09:41:16.988root 11241100x8000000000000000257039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eaaabc2d94d2712023-02-08 09:41:16.988root 11241100x8000000000000000257059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dfe51e20fd15262023-02-08 09:41:16.989root 11241100x8000000000000000257058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea047ddc6b6063b72023-02-08 09:41:16.989root 11241100x8000000000000000257057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508dfadc2e7db832023-02-08 09:41:16.989root 11241100x8000000000000000257056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091a52a41efd423d2023-02-08 09:41:16.989root 11241100x8000000000000000257055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d516cb4feccf182023-02-08 09:41:16.989root 11241100x8000000000000000257054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bb671553993a72023-02-08 09:41:16.989root 11241100x8000000000000000257053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec70d5860db9062023-02-08 09:41:16.989root 11241100x8000000000000000257052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a839932496c948082023-02-08 09:41:16.989root 11241100x8000000000000000257061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a2e56e66433912023-02-08 09:41:17.484root 11241100x8000000000000000257060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26487e31e4a586052023-02-08 09:41:17.484root 11241100x8000000000000000257069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed3c47b8397e762023-02-08 09:41:17.485root 11241100x8000000000000000257068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6da474cd594f02023-02-08 09:41:17.485root 11241100x8000000000000000257067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2c72a4bc59cf2d2023-02-08 09:41:17.485root 11241100x8000000000000000257066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce798b57ec9815c22023-02-08 09:41:17.485root 11241100x8000000000000000257065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88932ba60231686d2023-02-08 09:41:17.485root 11241100x8000000000000000257064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148e31c10d49c8c62023-02-08 09:41:17.485root 11241100x8000000000000000257063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324b4d6f371ce242023-02-08 09:41:17.485root 11241100x8000000000000000257062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254b81898234f2682023-02-08 09:41:17.485root 11241100x8000000000000000257080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0621033b6605562023-02-08 09:41:17.486root 11241100x8000000000000000257079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a1e6a4bc76c9f2023-02-08 09:41:17.486root 11241100x8000000000000000257078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b92689e84809dfd2023-02-08 09:41:17.486root 11241100x8000000000000000257077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae92fa7f007d4c12023-02-08 09:41:17.486root 11241100x8000000000000000257076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b35d375bed3924b2023-02-08 09:41:17.486root 11241100x8000000000000000257075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044393217c6f6e5c2023-02-08 09:41:17.486root 11241100x8000000000000000257074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7079c5fac0791ad22023-02-08 09:41:17.486root 11241100x8000000000000000257073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4792d9b76e63f182023-02-08 09:41:17.486root 11241100x8000000000000000257072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c42622eef3ec8b2023-02-08 09:41:17.486root 11241100x8000000000000000257071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138892b36e357f622023-02-08 09:41:17.486root 11241100x8000000000000000257070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d0d33dd37e32ed2023-02-08 09:41:17.486root 11241100x8000000000000000257091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73beb3d38d401a0c2023-02-08 09:41:17.487root 11241100x8000000000000000257090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b493b7fc6da37c2023-02-08 09:41:17.487root 11241100x8000000000000000257089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af828680365afaf2023-02-08 09:41:17.487root 11241100x8000000000000000257088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b6b37ef24b5492023-02-08 09:41:17.487root 11241100x8000000000000000257087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed8326d11d00872023-02-08 09:41:17.487root 11241100x8000000000000000257086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b7df57066cffce2023-02-08 09:41:17.487root 11241100x8000000000000000257085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e6d48f0428edcd2023-02-08 09:41:17.487root 11241100x8000000000000000257084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0200ff8bacc7c9142023-02-08 09:41:17.487root 11241100x8000000000000000257083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071fab4cb255a4432023-02-08 09:41:17.487root 11241100x8000000000000000257082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623152a119448cb62023-02-08 09:41:17.487root 11241100x8000000000000000257081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7eccde81a6f1622023-02-08 09:41:17.487root 11241100x8000000000000000257103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8abe127150deec2023-02-08 09:41:17.488root 11241100x8000000000000000257102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5cf21f696a815d2023-02-08 09:41:17.488root 11241100x8000000000000000257101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2eb855b9eb5aa52023-02-08 09:41:17.488root 11241100x8000000000000000257100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe75ea88c7dd19f2023-02-08 09:41:17.488root 11241100x8000000000000000257099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56bdc030a1e5c752023-02-08 09:41:17.488root 11241100x8000000000000000257098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b9fdb375824c562023-02-08 09:41:17.488root 11241100x8000000000000000257097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155b64a03cc88d12023-02-08 09:41:17.488root 11241100x8000000000000000257096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a162b20448dfc2023-02-08 09:41:17.488root 11241100x8000000000000000257095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32341a1acec9d88b2023-02-08 09:41:17.488root 11241100x8000000000000000257094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2880a6a93aa572023-02-08 09:41:17.488root 11241100x8000000000000000257093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cc850b5d946dda2023-02-08 09:41:17.488root 11241100x8000000000000000257092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd729cb4d52c82d72023-02-08 09:41:17.488root 11241100x8000000000000000257113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00233a29c4765c62023-02-08 09:41:17.489root 11241100x8000000000000000257112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aba7e8eeed6d882023-02-08 09:41:17.489root 11241100x8000000000000000257111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f095ab2154b5892023-02-08 09:41:17.489root 11241100x8000000000000000257110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f925f1ced87cff0c2023-02-08 09:41:17.489root 11241100x8000000000000000257109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d229e7f1c8877a92023-02-08 09:41:17.489root 11241100x8000000000000000257108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e2f794339383152023-02-08 09:41:17.489root 11241100x8000000000000000257107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0703f322f37321292023-02-08 09:41:17.489root 11241100x8000000000000000257106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c084e6f3236d72023-02-08 09:41:17.489root 11241100x8000000000000000257105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af6297b16633da2023-02-08 09:41:17.489root 11241100x8000000000000000257104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bc86a778ef8902023-02-08 09:41:17.489root 11241100x8000000000000000257116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09326692003713ba2023-02-08 09:41:17.984root 11241100x8000000000000000257115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b684c5c047bb4f2023-02-08 09:41:17.984root 11241100x8000000000000000257114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884cbfffc2434492023-02-08 09:41:17.984root 11241100x8000000000000000257125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb63e76e2e8cb32023-02-08 09:41:17.985root 11241100x8000000000000000257124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7fbc27adbc037b2023-02-08 09:41:17.985root 11241100x8000000000000000257123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d8abead5682ac12023-02-08 09:41:17.985root 11241100x8000000000000000257122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0c61ce5af55f752023-02-08 09:41:17.985root 11241100x8000000000000000257121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27ccb8d130caac2023-02-08 09:41:17.985root 11241100x8000000000000000257120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e544ccda8c57a42023-02-08 09:41:17.985root 11241100x8000000000000000257119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334e9863e370a8522023-02-08 09:41:17.985root 11241100x8000000000000000257118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb1dc89b121acb42023-02-08 09:41:17.985root 11241100x8000000000000000257117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcb5308501a7402023-02-08 09:41:17.985root 11241100x8000000000000000257133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdb2778dac12c082023-02-08 09:41:17.986root 11241100x8000000000000000257132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e154d3e6c1540e2023-02-08 09:41:17.986root 11241100x8000000000000000257131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868def0b766fb112023-02-08 09:41:17.986root 11241100x8000000000000000257130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fba7651c488fe52023-02-08 09:41:17.986root 11241100x8000000000000000257129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49d29c310771dd02023-02-08 09:41:17.986root 11241100x8000000000000000257128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9dbc9d0dc08def2023-02-08 09:41:17.986root 11241100x8000000000000000257127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18ac21f5ab434652023-02-08 09:41:17.986root 11241100x8000000000000000257126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655fa45fb4e867532023-02-08 09:41:17.986root 11241100x8000000000000000257136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90db3687bef2ddd22023-02-08 09:41:17.987root 11241100x8000000000000000257135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce40334302c6cb2023-02-08 09:41:17.987root 11241100x8000000000000000257134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522e7ef362fe54d2023-02-08 09:41:17.987root 11241100x8000000000000000257142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de45e8d597ebf52023-02-08 09:41:17.988root 11241100x8000000000000000257141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067219cfcc8d8632023-02-08 09:41:17.988root 11241100x8000000000000000257140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb661d4b2df4f812023-02-08 09:41:17.988root 11241100x8000000000000000257139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b0aa3fd1cd01c2023-02-08 09:41:17.988root 11241100x8000000000000000257138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496eb6286199e49c2023-02-08 09:41:17.988root 11241100x8000000000000000257137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901aea99b362bace2023-02-08 09:41:17.988root 11241100x8000000000000000257149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37cf273434b7eae2023-02-08 09:41:17.989root 11241100x8000000000000000257148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a390e0ef576f3b2023-02-08 09:41:17.989root 11241100x8000000000000000257147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3418a4991b8cc5122023-02-08 09:41:17.989root 11241100x8000000000000000257146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c778c35eb7e74c02023-02-08 09:41:17.989root 11241100x8000000000000000257145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba46b2a05db463862023-02-08 09:41:17.989root 11241100x8000000000000000257144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504067bac61fa742023-02-08 09:41:17.989root 11241100x8000000000000000257143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a5264dffb72602023-02-08 09:41:17.989root 11241100x8000000000000000257157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d768fd16ace8832023-02-08 09:41:17.990root 11241100x8000000000000000257156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadc570dc6b7362023-02-08 09:41:17.990root 11241100x8000000000000000257155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050b7b0f35372a6f2023-02-08 09:41:17.990root 11241100x8000000000000000257154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a2de06de009502023-02-08 09:41:17.990root 11241100x8000000000000000257153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc97ac1a990b7752023-02-08 09:41:17.990root 11241100x8000000000000000257152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacefd8d1c0ea69f2023-02-08 09:41:17.990root 11241100x8000000000000000257151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97d714baf8dad82023-02-08 09:41:17.990root 11241100x8000000000000000257150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b01805e8c087f682023-02-08 09:41:17.990root 11241100x8000000000000000257160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485303f392d1f8e2023-02-08 09:41:17.991root 11241100x8000000000000000257159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f94874eb58bea82023-02-08 09:41:17.991root 11241100x8000000000000000257158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279aa36cfe8ef8812023-02-08 09:41:17.991root 11241100x8000000000000000257170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a1d8dac820a662023-02-08 09:41:18.485root 11241100x8000000000000000257169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fff604bc237fc42023-02-08 09:41:18.485root 11241100x8000000000000000257168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edd249a0ae545cd2023-02-08 09:41:18.485root 11241100x8000000000000000257167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab954191537d472023-02-08 09:41:18.485root 11241100x8000000000000000257166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f20609ec490012023-02-08 09:41:18.485root 11241100x8000000000000000257165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c681c5d42c4912023-02-08 09:41:18.485root 11241100x8000000000000000257164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d574da2c6ef082023-02-08 09:41:18.485root 11241100x8000000000000000257163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3878c9f8f8152622023-02-08 09:41:18.485root 11241100x8000000000000000257162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299bf8223ff7d3512023-02-08 09:41:18.485root 11241100x8000000000000000257161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116c8e9d9238ce32023-02-08 09:41:18.485root 11241100x8000000000000000257185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b1a9ebfb6f2ba72023-02-08 09:41:18.486root 11241100x8000000000000000257184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a49892990e1215f2023-02-08 09:41:18.486root 11241100x8000000000000000257183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd425f7e5854742023-02-08 09:41:18.486root 11241100x8000000000000000257182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e197b71382690202023-02-08 09:41:18.486root 11241100x8000000000000000257181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a17dff6cc18a092023-02-08 09:41:18.486root 11241100x8000000000000000257180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143978cb05c458952023-02-08 09:41:18.486root 11241100x8000000000000000257179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b953a694b0957b02023-02-08 09:41:18.486root 11241100x8000000000000000257178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa8bfa1c26e9e7a2023-02-08 09:41:18.486root 11241100x8000000000000000257177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c86f21c755c94162023-02-08 09:41:18.486root 11241100x8000000000000000257176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e8548486d48e32023-02-08 09:41:18.486root 11241100x8000000000000000257175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aac6a3039ff4d92023-02-08 09:41:18.486root 11241100x8000000000000000257174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6623fdada2953362023-02-08 09:41:18.486root 11241100x8000000000000000257173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c57efe1034cbd12023-02-08 09:41:18.486root 11241100x8000000000000000257172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d29f6288eb1dca2023-02-08 09:41:18.486root 11241100x8000000000000000257171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f1b0836ff06ef2023-02-08 09:41:18.486root 11241100x8000000000000000257191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459d43aee3d70592023-02-08 09:41:18.487root 11241100x8000000000000000257190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4228978d83ea6792023-02-08 09:41:18.487root 11241100x8000000000000000257189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40529b744f0fff522023-02-08 09:41:18.487root 11241100x8000000000000000257188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1d683aa30a2572023-02-08 09:41:18.487root 11241100x8000000000000000257187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd58ce475dd8182023-02-08 09:41:18.487root 11241100x8000000000000000257186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c82d9806225eaf2023-02-08 09:41:18.487root 11241100x8000000000000000257205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3669e6951024a342023-02-08 09:41:18.488root 11241100x8000000000000000257204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377789c3730c2c9f2023-02-08 09:41:18.488root 11241100x8000000000000000257203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a6d8a96719cdc42023-02-08 09:41:18.488root 11241100x8000000000000000257202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abf90822d2fa512023-02-08 09:41:18.488root 11241100x8000000000000000257201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8054bbb95fc01a2023-02-08 09:41:18.488root 11241100x8000000000000000257200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407415b3f4a06c852023-02-08 09:41:18.488root 11241100x8000000000000000257199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a71b9d65c80a582023-02-08 09:41:18.488root 11241100x8000000000000000257198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d320049e0d8c482023-02-08 09:41:18.488root 11241100x8000000000000000257197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece7040ca2b1b182023-02-08 09:41:18.488root 11241100x8000000000000000257196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194831021bcb019c2023-02-08 09:41:18.488root 11241100x8000000000000000257195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dbc13d0e4ee39e2023-02-08 09:41:18.488root 11241100x8000000000000000257194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08ab88cc701a7392023-02-08 09:41:18.488root 11241100x8000000000000000257193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f95caee450ea7c62023-02-08 09:41:18.488root 11241100x8000000000000000257192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2475f2a9de8525872023-02-08 09:41:18.488root 11241100x8000000000000000257206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9aedeafef85fb2023-02-08 09:41:18.489root 11241100x8000000000000000257213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2223070a02e798f2023-02-08 09:41:18.984root 11241100x8000000000000000257212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5532a00cb4061a2023-02-08 09:41:18.984root 11241100x8000000000000000257211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd4701e152424e12023-02-08 09:41:18.984root 11241100x8000000000000000257210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b55f1ded5a09d2023-02-08 09:41:18.984root 11241100x8000000000000000257209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc962a0e3f7b11082023-02-08 09:41:18.984root 11241100x8000000000000000257208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac463531b1c06dfa2023-02-08 09:41:18.984root 11241100x8000000000000000257207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193e99dbb50461b2023-02-08 09:41:18.984root 11241100x8000000000000000257221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fa6907dfdb3ca32023-02-08 09:41:18.985root 11241100x8000000000000000257220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d047faf46d0be2023-02-08 09:41:18.985root 11241100x8000000000000000257219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce782af4d6e715262023-02-08 09:41:18.985root 11241100x8000000000000000257218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9a83edf40b65d2023-02-08 09:41:18.985root 11241100x8000000000000000257217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e0adf9e705a902023-02-08 09:41:18.985root 11241100x8000000000000000257216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fcc4e4239c7252023-02-08 09:41:18.985root 11241100x8000000000000000257215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb4e2621f8867892023-02-08 09:41:18.985root 11241100x8000000000000000257214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99459779a516232c2023-02-08 09:41:18.985root 11241100x8000000000000000257230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420cc02c97aa1c52023-02-08 09:41:18.986root 11241100x8000000000000000257229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d08a5a7ac44502023-02-08 09:41:18.986root 11241100x8000000000000000257228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff85ed065a08ab2023-02-08 09:41:18.986root 11241100x8000000000000000257227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0396d821b41ea52023-02-08 09:41:18.986root 11241100x8000000000000000257226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fda37f4ade7322023-02-08 09:41:18.986root 11241100x8000000000000000257225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ef3c460d7c7ee2023-02-08 09:41:18.986root 11241100x8000000000000000257224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598312a7207aa832023-02-08 09:41:18.986root 11241100x8000000000000000257223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b50481c20a7c822023-02-08 09:41:18.986root 11241100x8000000000000000257222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0255accbc960afcf2023-02-08 09:41:18.986root 11241100x8000000000000000257238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec493b667ace7f92023-02-08 09:41:18.987root 11241100x8000000000000000257237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74016941677961b92023-02-08 09:41:18.987root 11241100x8000000000000000257236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12538175532d0d0e2023-02-08 09:41:18.987root 11241100x8000000000000000257235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb6be9cf12eb112023-02-08 09:41:18.987root 11241100x8000000000000000257234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267792997f3c537f2023-02-08 09:41:18.987root 11241100x8000000000000000257233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cafed503be54e2023-02-08 09:41:18.987root 11241100x8000000000000000257232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c4b7f9e90b7b12023-02-08 09:41:18.987root 11241100x8000000000000000257231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57e22e7d5e3bc22023-02-08 09:41:18.987root 11241100x8000000000000000257249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c58f4aae2df5f142023-02-08 09:41:18.988root 11241100x8000000000000000257248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918fec9cf545ac2c2023-02-08 09:41:18.988root 11241100x8000000000000000257247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4935fc798b33f2023-02-08 09:41:18.988root 11241100x8000000000000000257246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc21c21af44befe2023-02-08 09:41:18.988root 11241100x8000000000000000257245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5394e863937d52023-02-08 09:41:18.988root 11241100x8000000000000000257244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776121a5b4875e0f2023-02-08 09:41:18.988root 11241100x8000000000000000257243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76705f2e1e6b48d72023-02-08 09:41:18.988root 11241100x8000000000000000257242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578c34a0d9b44652023-02-08 09:41:18.988root 11241100x8000000000000000257241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a69f4b314d4542023-02-08 09:41:18.988root 11241100x8000000000000000257240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ec9b46e5e90c312023-02-08 09:41:18.988root 11241100x8000000000000000257239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d8efacd8f88462023-02-08 09:41:18.988root 11241100x8000000000000000257261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826d61a6814481a2023-02-08 09:41:18.989root 11241100x8000000000000000257260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e310d629d19dccd2023-02-08 09:41:18.989root 11241100x8000000000000000257259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033749781b2e4c232023-02-08 09:41:18.989root 11241100x8000000000000000257258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8a251ca82e26e2023-02-08 09:41:18.989root 11241100x8000000000000000257257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af71b7575535c82023-02-08 09:41:18.989root 11241100x8000000000000000257256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d3461255c0c5b2023-02-08 09:41:18.989root 11241100x8000000000000000257255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eba422965ebbc322023-02-08 09:41:18.989root 11241100x8000000000000000257254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92969e075a9f6f2023-02-08 09:41:18.989root 11241100x8000000000000000257253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c1dc0dfc7618a22023-02-08 09:41:18.989root 11241100x8000000000000000257252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e3d0e63a815c22023-02-08 09:41:18.989root 11241100x8000000000000000257251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca02f10d2005e82023-02-08 09:41:18.989root 11241100x8000000000000000257250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde9997c20a82712023-02-08 09:41:18.989root 11241100x8000000000000000257269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f94d72f34525192023-02-08 09:41:18.990root 11241100x8000000000000000257268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f09ffa381f36d92023-02-08 09:41:18.990root 11241100x8000000000000000257267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fbeac9497474e2023-02-08 09:41:18.990root 11241100x8000000000000000257266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f4848f3c55a2a2023-02-08 09:41:18.990root 11241100x8000000000000000257265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090c329d3747a732023-02-08 09:41:18.990root 11241100x8000000000000000257264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a88d24d14ba9c9c2023-02-08 09:41:18.990root 11241100x8000000000000000257263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cabb1b217f4ce72023-02-08 09:41:18.990root 11241100x8000000000000000257262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e11c6c20f2b172023-02-08 09:41:18.990root 11241100x8000000000000000257274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aedcdae54ead322023-02-08 09:41:18.991root 11241100x8000000000000000257273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04077bbd06e881982023-02-08 09:41:18.991root 11241100x8000000000000000257272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21591d7d9b46bdc82023-02-08 09:41:18.991root 11241100x8000000000000000257271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb391eabe27fd3f52023-02-08 09:41:18.991root 11241100x8000000000000000257270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f3680cc471b882023-02-08 09:41:18.991root 354300x8000000000000000257275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.085{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46948-false10.0.1.12-8000- 11241100x8000000000000000257282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0addaef273d3fa22023-02-08 09:41:19.484root 11241100x8000000000000000257281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f438a11a46b403e52023-02-08 09:41:19.484root 11241100x8000000000000000257280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddeb530eb75918e2023-02-08 09:41:19.484root 11241100x8000000000000000257279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c76dbd9a31838842023-02-08 09:41:19.484root 11241100x8000000000000000257278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24e56f8b300fc62023-02-08 09:41:19.484root 11241100x8000000000000000257277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b837a2663d89994b2023-02-08 09:41:19.484root 11241100x8000000000000000257276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce18087de8678842023-02-08 09:41:19.484root 11241100x8000000000000000257291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837caa0013b7ab3a2023-02-08 09:41:19.485root 11241100x8000000000000000257290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbc8feb79294bf02023-02-08 09:41:19.485root 11241100x8000000000000000257289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650fadc977e7bd62023-02-08 09:41:19.485root 11241100x8000000000000000257288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4228d72b5ba9a22023-02-08 09:41:19.485root 11241100x8000000000000000257287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53401400d683f502023-02-08 09:41:19.485root 11241100x8000000000000000257286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e1a1475a8690342023-02-08 09:41:19.485root 11241100x8000000000000000257285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a5e28f527aa472023-02-08 09:41:19.485root 11241100x8000000000000000257284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dde63961bec2f72023-02-08 09:41:19.485root 11241100x8000000000000000257283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828fca8766316b302023-02-08 09:41:19.485root 11241100x8000000000000000257306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127bb082c21836b42023-02-08 09:41:19.486root 11241100x8000000000000000257305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363f5917baca74f2023-02-08 09:41:19.486root 11241100x8000000000000000257304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae7a3a37c9cd532023-02-08 09:41:19.486root 11241100x8000000000000000257303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6020886e2fa36932023-02-08 09:41:19.486root 11241100x8000000000000000257302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a57e0885d577652023-02-08 09:41:19.486root 11241100x8000000000000000257301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6241d413d161da62023-02-08 09:41:19.486root 11241100x8000000000000000257300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e3a6b40d8a027f2023-02-08 09:41:19.486root 11241100x8000000000000000257299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d27e4f54e673b2023-02-08 09:41:19.486root 11241100x8000000000000000257298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182911a9723712dc2023-02-08 09:41:19.486root 11241100x8000000000000000257297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edac0b95319e4e3d2023-02-08 09:41:19.486root 11241100x8000000000000000257296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d00f2d3ca35392023-02-08 09:41:19.486root 11241100x8000000000000000257295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1f531050d96332023-02-08 09:41:19.486root 11241100x8000000000000000257294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186beef7c0232be62023-02-08 09:41:19.486root 11241100x8000000000000000257293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75db007b167aabf82023-02-08 09:41:19.486root 11241100x8000000000000000257292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fa19627f1d7872023-02-08 09:41:19.486root 11241100x8000000000000000257320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0068b7c4575ff282023-02-08 09:41:19.487root 11241100x8000000000000000257319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c3153da55e00a2023-02-08 09:41:19.487root 11241100x8000000000000000257318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c0aca68c76c352023-02-08 09:41:19.487root 11241100x8000000000000000257317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea7dafc65e4f3a2023-02-08 09:41:19.487root 11241100x8000000000000000257316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8255fa13b5f11552023-02-08 09:41:19.487root 11241100x8000000000000000257315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90af550f8cb1c642023-02-08 09:41:19.487root 11241100x8000000000000000257314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8493d32037c1232023-02-08 09:41:19.487root 11241100x8000000000000000257313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c40ec5da493cded2023-02-08 09:41:19.487root 11241100x8000000000000000257312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b44af1a7dafc492023-02-08 09:41:19.487root 11241100x8000000000000000257311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726bf1802d861892023-02-08 09:41:19.487root 11241100x8000000000000000257310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3067fd9f950b012023-02-08 09:41:19.487root 11241100x8000000000000000257309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5353b8738696081d2023-02-08 09:41:19.487root 11241100x8000000000000000257308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0091ea8ee62102ab2023-02-08 09:41:19.487root 11241100x8000000000000000257307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b23af85a3f57fd2023-02-08 09:41:19.487root 11241100x8000000000000000257332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9d3a71aa250362023-02-08 09:41:19.488root 11241100x8000000000000000257331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989507e5c91701bd2023-02-08 09:41:19.488root 11241100x8000000000000000257330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173c2558aa5cf6f22023-02-08 09:41:19.488root 11241100x8000000000000000257329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d8045a59d49a42023-02-08 09:41:19.488root 11241100x8000000000000000257328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dff62f344f7a072023-02-08 09:41:19.488root 11241100x8000000000000000257327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64348d29182c1f2023-02-08 09:41:19.488root 11241100x8000000000000000257326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e273b14e0b1922023-02-08 09:41:19.488root 11241100x8000000000000000257325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e4e1aea4b1a592023-02-08 09:41:19.488root 11241100x8000000000000000257324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabf80c4207a1bb42023-02-08 09:41:19.488root 11241100x8000000000000000257323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e518c52223108d2023-02-08 09:41:19.488root 11241100x8000000000000000257322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2358c901200572023-02-08 09:41:19.488root 11241100x8000000000000000257321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84fdc55aae6d5e2023-02-08 09:41:19.488root 11241100x8000000000000000257334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7cd1b729b074e12023-02-08 09:41:19.489root 11241100x8000000000000000257333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d26f5b714c29c2023-02-08 09:41:19.489root 11241100x8000000000000000257345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc1ef5758f0c092023-02-08 09:41:19.984root 11241100x8000000000000000257344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac4d07ec2e9ddba2023-02-08 09:41:19.984root 11241100x8000000000000000257343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6374c6ef8af88d6d2023-02-08 09:41:19.984root 11241100x8000000000000000257342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255c1cdef69426552023-02-08 09:41:19.984root 11241100x8000000000000000257341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404fbfb9cab4deda2023-02-08 09:41:19.984root 11241100x8000000000000000257340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd18c17fd250d82023-02-08 09:41:19.984root 11241100x8000000000000000257339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247357291a0b8732023-02-08 09:41:19.984root 11241100x8000000000000000257338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8a2e92ea11f4c2023-02-08 09:41:19.984root 11241100x8000000000000000257337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e493e565266b32023-02-08 09:41:19.984root 11241100x8000000000000000257336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9359d25a398f30552023-02-08 09:41:19.984root 11241100x8000000000000000257335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080368c070c39512023-02-08 09:41:19.984root 11241100x8000000000000000257355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ab2999abc8d102023-02-08 09:41:19.985root 11241100x8000000000000000257354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165393591f9be002023-02-08 09:41:19.985root 11241100x8000000000000000257353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dddbc5eb395da22023-02-08 09:41:19.985root 11241100x8000000000000000257352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c955ae2225cb701b2023-02-08 09:41:19.985root 11241100x8000000000000000257351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3953d4d3ff4882023-02-08 09:41:19.985root 11241100x8000000000000000257350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eced8527f34aaa72023-02-08 09:41:19.985root 11241100x8000000000000000257349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497596a7c315068d2023-02-08 09:41:19.985root 11241100x8000000000000000257348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04fd680d6ec78712023-02-08 09:41:19.985root 11241100x8000000000000000257347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa16da2f490d802023-02-08 09:41:19.985root 11241100x8000000000000000257346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0657e4056ffda22023-02-08 09:41:19.985root 11241100x8000000000000000257361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12bb33190adafad2023-02-08 09:41:19.986root 11241100x8000000000000000257360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e442803c21f59c92023-02-08 09:41:19.986root 11241100x8000000000000000257359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2b68e963457142023-02-08 09:41:19.986root 11241100x8000000000000000257358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783f0596ebf038a2023-02-08 09:41:19.986root 11241100x8000000000000000257357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed833738ae3281322023-02-08 09:41:19.986root 11241100x8000000000000000257356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df15620a3ba59352023-02-08 09:41:19.986root 11241100x8000000000000000257372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f23ef91b2f3a262023-02-08 09:41:19.987root 11241100x8000000000000000257371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847080573471d61a2023-02-08 09:41:19.987root 11241100x8000000000000000257370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459002db96ba66812023-02-08 09:41:19.987root 11241100x8000000000000000257369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c373a487cc75a2023-02-08 09:41:19.987root 11241100x8000000000000000257368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e113a712bad8d5612023-02-08 09:41:19.987root 11241100x8000000000000000257367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba08bd9dca444fe2023-02-08 09:41:19.987root 11241100x8000000000000000257366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b75f79147e46402023-02-08 09:41:19.987root 11241100x8000000000000000257365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2ded9732070d52023-02-08 09:41:19.987root 11241100x8000000000000000257364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5315fab808f96d762023-02-08 09:41:19.987root 11241100x8000000000000000257363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8805de5e2b51c42023-02-08 09:41:19.987root 11241100x8000000000000000257362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358ccdbe748362d2023-02-08 09:41:19.987root 11241100x8000000000000000257381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8357aebd0477d9d2023-02-08 09:41:19.988root 11241100x8000000000000000257380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a80f83bb74f0c02023-02-08 09:41:19.988root 11241100x8000000000000000257379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb9c962e3a92b022023-02-08 09:41:19.988root 11241100x8000000000000000257378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f95472689327a62023-02-08 09:41:19.988root 11241100x8000000000000000257377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78dc37cad704722023-02-08 09:41:19.988root 11241100x8000000000000000257376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132dd5f509d01b02023-02-08 09:41:19.988root 11241100x8000000000000000257375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa15b2d504ed47bf2023-02-08 09:41:19.988root 11241100x8000000000000000257374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec57840725661262023-02-08 09:41:19.988root 11241100x8000000000000000257373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bb836f28cec5f82023-02-08 09:41:19.988root 11241100x8000000000000000257389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15485f1c9f67d62023-02-08 09:41:19.989root 11241100x8000000000000000257388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0694c981ddbcf6dd2023-02-08 09:41:19.989root 11241100x8000000000000000257387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1abd04918a0d912023-02-08 09:41:19.989root 11241100x8000000000000000257386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d5cc3f2bb43132023-02-08 09:41:19.989root 11241100x8000000000000000257385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243821565719d2ad2023-02-08 09:41:19.989root 11241100x8000000000000000257384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c2778128a98e8c2023-02-08 09:41:19.989root 11241100x8000000000000000257383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bf875e284e42fb2023-02-08 09:41:19.989root 11241100x8000000000000000257382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e188a87858fc72a2023-02-08 09:41:19.989root 11241100x8000000000000000257397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289539b298611fbb2023-02-08 09:41:19.990root 11241100x8000000000000000257396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9098e1b61cead3952023-02-08 09:41:19.990root 11241100x8000000000000000257395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998c568e01b9909d2023-02-08 09:41:19.990root 11241100x8000000000000000257394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a395ab8425a5a2023-02-08 09:41:19.990root 11241100x8000000000000000