11241100x8000000000000000256348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ddcff5e5d95a202023-02-08 09:41:11.234root 11241100x8000000000000000256347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04d1ca3660591b2023-02-08 09:41:11.234root 11241100x8000000000000000256346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830a43c072bae8f12023-02-08 09:41:11.234root 11241100x8000000000000000256345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4546bbb826d2bb322023-02-08 09:41:11.234root 11241100x8000000000000000256344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5ab73f28f6d0532023-02-08 09:41:11.234root 11241100x8000000000000000256343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e78369ebadcf12023-02-08 09:41:11.234root 11241100x8000000000000000256342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747ff9ee6ec655e42023-02-08 09:41:11.234root 11241100x8000000000000000256341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed2404e059403432023-02-08 09:41:11.234root 11241100x8000000000000000256364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f93423602a00e212023-02-08 09:41:11.235root 11241100x8000000000000000256363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c27892b7bac55e2023-02-08 09:41:11.235root 11241100x8000000000000000256362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d6519de6d703f2023-02-08 09:41:11.235root 11241100x8000000000000000256361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecddd9ff5c8a3ea2023-02-08 09:41:11.235root 11241100x8000000000000000256360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2426792784b5b22023-02-08 09:41:11.235root 11241100x8000000000000000256359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629011b907887d942023-02-08 09:41:11.235root 11241100x8000000000000000256358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a9c840f09a7062023-02-08 09:41:11.235root 11241100x8000000000000000256357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e7405d1c9087e42023-02-08 09:41:11.235root 11241100x8000000000000000256356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6873dbbf691053af2023-02-08 09:41:11.235root 11241100x8000000000000000256355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6b58c34dc0c16c2023-02-08 09:41:11.235root 11241100x8000000000000000256354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63b1e73186ee13d2023-02-08 09:41:11.235root 11241100x8000000000000000256353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc40a1a4972bc4f2023-02-08 09:41:11.235root 11241100x8000000000000000256352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42c51c50a3cec02023-02-08 09:41:11.235root 11241100x8000000000000000256351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8276b550679bc92023-02-08 09:41:11.235root 11241100x8000000000000000256350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7e9a4536aced92023-02-08 09:41:11.235root 11241100x8000000000000000256349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5c29d7ba55cc32023-02-08 09:41:11.235root 11241100x8000000000000000256379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc5856ceda5ffc02023-02-08 09:41:11.236root 11241100x8000000000000000256378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5438d66a9aa9ab852023-02-08 09:41:11.236root 11241100x8000000000000000256377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b7416b55d6db42023-02-08 09:41:11.236root 11241100x8000000000000000256376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b4db82caf8b172023-02-08 09:41:11.236root 11241100x8000000000000000256375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e79ddc7fb31ed2023-02-08 09:41:11.236root 11241100x8000000000000000256374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ee2dff11f6617b2023-02-08 09:41:11.236root 11241100x8000000000000000256373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e0eed2230d3e42023-02-08 09:41:11.236root 11241100x8000000000000000256372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68212144e931c6c72023-02-08 09:41:11.236root 11241100x8000000000000000256371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38901729099aad92023-02-08 09:41:11.236root 11241100x8000000000000000256370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b9dc8e1a6dd2b32023-02-08 09:41:11.236root 11241100x8000000000000000256369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8da10cfc3551142023-02-08 09:41:11.236root 11241100x8000000000000000256368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b010b0a3f3063632023-02-08 09:41:11.236root 11241100x8000000000000000256367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79a406ca77015f22023-02-08 09:41:11.236root 11241100x8000000000000000256366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a35650ce751da2023-02-08 09:41:11.236root 11241100x8000000000000000256365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79926a05b8ff7b652023-02-08 09:41:11.236root 11241100x8000000000000000256387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cf7e0bf0382352023-02-08 09:41:11.237root 11241100x8000000000000000256386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c82b7ea7a812502023-02-08 09:41:11.237root 11241100x8000000000000000256385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf935f4dfe3ef3eb2023-02-08 09:41:11.237root 11241100x8000000000000000256384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a74c1d9b1169432023-02-08 09:41:11.237root 11241100x8000000000000000256383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c92118ebc32fe22023-02-08 09:41:11.237root 11241100x8000000000000000256382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415c8591d48814b2023-02-08 09:41:11.237root 11241100x8000000000000000256381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd24d729dfc3fa2023-02-08 09:41:11.237root 11241100x8000000000000000256380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf2dace1b606602023-02-08 09:41:11.237root 11241100x8000000000000000256392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a9189afaa83052023-02-08 09:41:11.734root 11241100x8000000000000000256391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c607cead39147f2023-02-08 09:41:11.734root 11241100x8000000000000000256390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20a63ad65f0a3f2023-02-08 09:41:11.734root 11241100x8000000000000000256389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa378386c35b90322023-02-08 09:41:11.734root 11241100x8000000000000000256388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90c343e23d9d282023-02-08 09:41:11.734root 11241100x8000000000000000256408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab7af42222c7422023-02-08 09:41:11.735root 11241100x8000000000000000256407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186eb1057ce0d1e62023-02-08 09:41:11.735root 11241100x8000000000000000256406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a83fa6fd5a85772023-02-08 09:41:11.735root 11241100x8000000000000000256405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67600e973e5b75462023-02-08 09:41:11.735root 11241100x8000000000000000256404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2e249a729561c2023-02-08 09:41:11.735root 11241100x8000000000000000256403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad414e4c1da1c122023-02-08 09:41:11.735root 11241100x8000000000000000256402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd3cbbafcf409c2023-02-08 09:41:11.735root 11241100x8000000000000000256401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4261db08ce82a4a52023-02-08 09:41:11.735root 11241100x8000000000000000256400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1a305f5916e06b2023-02-08 09:41:11.735root 11241100x8000000000000000256399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2f17065605267a2023-02-08 09:41:11.735root 11241100x8000000000000000256398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3b947a2fc77632023-02-08 09:41:11.735root 11241100x8000000000000000256397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f76f5ee81116f32023-02-08 09:41:11.735root 11241100x8000000000000000256396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcbc2cbd528cbbe2023-02-08 09:41:11.735root 11241100x8000000000000000256395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c046d55e0953ae32023-02-08 09:41:11.735root 11241100x8000000000000000256394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06b7c8910ce1c0b2023-02-08 09:41:11.735root 11241100x8000000000000000256393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb2427434a12532023-02-08 09:41:11.735root 11241100x8000000000000000256423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91aa945b3973ef2023-02-08 09:41:11.736root 11241100x8000000000000000256422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd71d92e6e5b3102023-02-08 09:41:11.736root 11241100x8000000000000000256421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58cdab667e49432023-02-08 09:41:11.736root 11241100x8000000000000000256420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a158d73f836e5d1d2023-02-08 09:41:11.736root 11241100x8000000000000000256419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794399d584fab0e2023-02-08 09:41:11.736root 11241100x8000000000000000256418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04032e2f91217b922023-02-08 09:41:11.736root 11241100x8000000000000000256417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28f6f9b47764c912023-02-08 09:41:11.736root 11241100x8000000000000000256416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d3623375f6ef62023-02-08 09:41:11.736root 11241100x8000000000000000256415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ed9c5d8fc5efff2023-02-08 09:41:11.736root 11241100x8000000000000000256414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c917315a4f10c2023-02-08 09:41:11.736root 11241100x8000000000000000256413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38cdbb61d19de32023-02-08 09:41:11.736root 11241100x8000000000000000256412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb6f4bb1d7bcaa2023-02-08 09:41:11.736root 11241100x8000000000000000256411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ff7dc7f142f3e72023-02-08 09:41:11.736root 11241100x8000000000000000256410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e49f568082167bb2023-02-08 09:41:11.736root 11241100x8000000000000000256409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1beeee2a14705c12023-02-08 09:41:11.736root 11241100x8000000000000000256435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6ddae1ac4e9ee12023-02-08 09:41:11.737root 11241100x8000000000000000256434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea52ad5b26cacbfa2023-02-08 09:41:11.737root 11241100x8000000000000000256433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4be3e2d7716012023-02-08 09:41:11.737root 11241100x8000000000000000256432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e47eafef78f05562023-02-08 09:41:11.737root 11241100x8000000000000000256431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62601a1966ae19532023-02-08 09:41:11.737root 11241100x8000000000000000256430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4bfc3dbc4a9e02023-02-08 09:41:11.737root 11241100x8000000000000000256429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d92e189accd382023-02-08 09:41:11.737root 11241100x8000000000000000256428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c7afcca68db8db2023-02-08 09:41:11.737root 11241100x8000000000000000256427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ca48d85b0beff2023-02-08 09:41:11.737root 11241100x8000000000000000256426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd36357188e99d2023-02-08 09:41:11.737root 11241100x8000000000000000256425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d65f6c8ba1cddc2023-02-08 09:41:11.737root 11241100x8000000000000000256424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5b9770205d4242023-02-08 09:41:11.737root 11241100x8000000000000000256437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a110f6a5fdd652023-02-08 09:41:11.740root 11241100x8000000000000000256436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc754b0ca0f33622023-02-08 09:41:11.740root 11241100x8000000000000000256443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff8a4f7b1ee03b2023-02-08 09:41:12.234root 11241100x8000000000000000256442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ca1cc4ef525822023-02-08 09:41:12.234root 11241100x8000000000000000256441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f960707434a8f38b2023-02-08 09:41:12.234root 11241100x8000000000000000256440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888458f0d5aaa8a42023-02-08 09:41:12.234root 11241100x8000000000000000256439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b9e6464adaa532023-02-08 09:41:12.234root 11241100x8000000000000000256438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd2725182cdda882023-02-08 09:41:12.234root 11241100x8000000000000000256448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66765a0fe351d4c42023-02-08 09:41:12.235root 11241100x8000000000000000256447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a875cf16e66bc82023-02-08 09:41:12.235root 11241100x8000000000000000256446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786459c84dbc5fd2023-02-08 09:41:12.235root 11241100x8000000000000000256445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d5f64f8744f4e2023-02-08 09:41:12.235root 11241100x8000000000000000256444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae24400523443d122023-02-08 09:41:12.235root 11241100x8000000000000000256456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6499f218ebfd3c822023-02-08 09:41:12.236root 11241100x8000000000000000256455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7ccf2af5df57e2023-02-08 09:41:12.236root 11241100x8000000000000000256454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8dc654a2cbf60b2023-02-08 09:41:12.236root 11241100x8000000000000000256453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9fe1222121ceb72023-02-08 09:41:12.236root 11241100x8000000000000000256452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff91d60c6980e42023-02-08 09:41:12.236root 11241100x8000000000000000256451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dbd226c5fa6a5b2023-02-08 09:41:12.236root 11241100x8000000000000000256450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62f621fc02c6912023-02-08 09:41:12.236root 11241100x8000000000000000256449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bece1b5524ff18a2023-02-08 09:41:12.236root 11241100x8000000000000000256464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd3491e8fa6ef32023-02-08 09:41:12.237root 11241100x8000000000000000256463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5d4cf88af8a0e2023-02-08 09:41:12.237root 11241100x8000000000000000256462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0c77e508640522023-02-08 09:41:12.237root 11241100x8000000000000000256461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee53ca1b70b55f2023-02-08 09:41:12.237root 11241100x8000000000000000256460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822bdb3afdab93ca2023-02-08 09:41:12.237root 11241100x8000000000000000256459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06394c3dc4995f92023-02-08 09:41:12.237root 11241100x8000000000000000256458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49067fcbe465b82023-02-08 09:41:12.237root 11241100x8000000000000000256457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779772ec03bf51ec2023-02-08 09:41:12.237root 11241100x8000000000000000256472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1358b62bf7812142023-02-08 09:41:12.238root 11241100x8000000000000000256471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2516436ba8dcc7be2023-02-08 09:41:12.238root 11241100x8000000000000000256470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78016480592168422023-02-08 09:41:12.238root 11241100x8000000000000000256469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef45bd9ea93e76f2023-02-08 09:41:12.238root 11241100x8000000000000000256468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812fe179e4c006262023-02-08 09:41:12.238root 11241100x8000000000000000256467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e42f01d12a6d352023-02-08 09:41:12.238root 11241100x8000000000000000256466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153a6705ac4c34c2023-02-08 09:41:12.238root 11241100x8000000000000000256465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565571656a304a0c2023-02-08 09:41:12.238root 11241100x8000000000000000256476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee7f668b3bff552023-02-08 09:41:12.239root 11241100x8000000000000000256475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf64c1a5a98cc32023-02-08 09:41:12.239root 11241100x8000000000000000256474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d22838501c6c6b72023-02-08 09:41:12.239root 11241100x8000000000000000256473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a2352d426f1d642023-02-08 09:41:12.239root 11241100x8000000000000000256486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc694d20ce8f3ca62023-02-08 09:41:12.240root 11241100x8000000000000000256485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d464098d3a975c7a2023-02-08 09:41:12.240root 11241100x8000000000000000256484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf1adc0a5395652023-02-08 09:41:12.240root 11241100x8000000000000000256483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235cc36c02344cec2023-02-08 09:41:12.240root 11241100x8000000000000000256482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2995e439b6b28b2023-02-08 09:41:12.240root 11241100x8000000000000000256481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf42aabbc146022023-02-08 09:41:12.240root 11241100x8000000000000000256480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e5ce87ca504faa2023-02-08 09:41:12.240root 11241100x8000000000000000256479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d82f8745981ba22023-02-08 09:41:12.240root 11241100x8000000000000000256478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5afac1bc2f51b22023-02-08 09:41:12.240root 11241100x8000000000000000256477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce1d99e11ccd9f2023-02-08 09:41:12.240root 11241100x8000000000000000256490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311a51f39e199c772023-02-08 09:41:12.241root 11241100x8000000000000000256489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f69118c3332a12023-02-08 09:41:12.241root 11241100x8000000000000000256488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bed33537018b4e2023-02-08 09:41:12.241root 11241100x8000000000000000256487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537e71ca2daf5c82023-02-08 09:41:12.241root 11241100x8000000000000000256493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ab7169aacbbeb2023-02-08 09:41:12.734root 11241100x8000000000000000256492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abb5a0da43117f32023-02-08 09:41:12.734root 11241100x8000000000000000256491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6be269d6abc42732023-02-08 09:41:12.734root 11241100x8000000000000000256505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd90bb5bdb1227992023-02-08 09:41:12.735root 11241100x8000000000000000256504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e97549de877d5652023-02-08 09:41:12.735root 11241100x8000000000000000256503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f1ca25e808110b2023-02-08 09:41:12.735root 11241100x8000000000000000256502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1b58c424148b372023-02-08 09:41:12.735root 11241100x8000000000000000256501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872f38a2f114e822023-02-08 09:41:12.735root 11241100x8000000000000000256500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1c55f08743d952023-02-08 09:41:12.735root 11241100x8000000000000000256499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce4e24f39c70c02023-02-08 09:41:12.735root 11241100x8000000000000000256498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9849d50a99148a2023-02-08 09:41:12.735root 11241100x8000000000000000256497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b22553ca9eda42023-02-08 09:41:12.735root 11241100x8000000000000000256496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eddd7111ae75d12023-02-08 09:41:12.735root 11241100x8000000000000000256495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f119a581c875bc2023-02-08 09:41:12.735root 11241100x8000000000000000256494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7760e4e05af44a2023-02-08 09:41:12.735root 11241100x8000000000000000256514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa013289c041de302023-02-08 09:41:12.736root 11241100x8000000000000000256513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369fc3e764ef0702023-02-08 09:41:12.736root 11241100x8000000000000000256512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a771cd3cf9ad92023-02-08 09:41:12.736root 11241100x8000000000000000256511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c2f91ca63a37a2023-02-08 09:41:12.736root 11241100x8000000000000000256510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d4b9900f800bb2023-02-08 09:41:12.736root 11241100x8000000000000000256509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e328bde293ea3a802023-02-08 09:41:12.736root 11241100x8000000000000000256508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e980cf57eec9c42023-02-08 09:41:12.736root 11241100x8000000000000000256507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a0850493e04a582023-02-08 09:41:12.736root 11241100x8000000000000000256506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8b0bf9f762fbe2023-02-08 09:41:12.736root 11241100x8000000000000000256523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe8bb73ac7bd0472023-02-08 09:41:12.737root 11241100x8000000000000000256522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01d551a2c81f8f2023-02-08 09:41:12.737root 11241100x8000000000000000256521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c93c9d3e4905aa72023-02-08 09:41:12.737root 11241100x8000000000000000256520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429e5e5fce239da2023-02-08 09:41:12.737root 11241100x8000000000000000256519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b089d40bb644662023-02-08 09:41:12.737root 11241100x8000000000000000256518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7957b9de1a3bff892023-02-08 09:41:12.737root 11241100x8000000000000000256517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699a5fe6fec77972023-02-08 09:41:12.737root 11241100x8000000000000000256516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b94e73a29f21692023-02-08 09:41:12.737root 11241100x8000000000000000256515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8402d357a0b8d172023-02-08 09:41:12.737root 11241100x8000000000000000256536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dcf293a007ae112023-02-08 09:41:12.738root 11241100x8000000000000000256535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f5a18d619dd6a2023-02-08 09:41:12.738root 11241100x8000000000000000256534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde3310da5236b802023-02-08 09:41:12.738root 11241100x8000000000000000256533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addac677229baaa2023-02-08 09:41:12.738root 11241100x8000000000000000256532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9773fb8f5c0be82023-02-08 09:41:12.738root 11241100x8000000000000000256531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24619af9ca1af9cd2023-02-08 09:41:12.738root 11241100x8000000000000000256530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7ad9d7b97b8692023-02-08 09:41:12.738root 11241100x8000000000000000256529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355a8c92d78d965e2023-02-08 09:41:12.738root 11241100x8000000000000000256528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e30a6e07f129b2023-02-08 09:41:12.738root 11241100x8000000000000000256527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68dc84ed2c2e9132023-02-08 09:41:12.738root 11241100x8000000000000000256526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595a0df5c0941ee2023-02-08 09:41:12.738root 11241100x8000000000000000256525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c17cb664cb90212023-02-08 09:41:12.738root 11241100x8000000000000000256524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31ad75f748eaa32023-02-08 09:41:12.738root 11241100x8000000000000000256537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0cec9f963deef02023-02-08 09:41:12.739root 11241100x8000000000000000256542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef95c0963137d1d2023-02-08 09:41:12.740root 11241100x8000000000000000256541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab70454e52f2bd2023-02-08 09:41:12.740root 11241100x8000000000000000256540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0361575331da32023-02-08 09:41:12.740root 11241100x8000000000000000256539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e9d7a743296bfa2023-02-08 09:41:12.740root 11241100x8000000000000000256538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f0887e9c2aff542023-02-08 09:41:12.740root 11241100x8000000000000000256546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec5b5893351b4d2023-02-08 09:41:12.741root 11241100x8000000000000000256545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53edb5b5c7b32d8e2023-02-08 09:41:12.741root 11241100x8000000000000000256544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c02034c466606482023-02-08 09:41:12.741root 11241100x8000000000000000256543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b04e1848a066b2023-02-08 09:41:12.741root 354300x8000000000000000256547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.110{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45760-false10.0.1.12-8000- 11241100x8000000000000000256552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ea5b534bd306e2023-02-08 09:41:13.111root 11241100x8000000000000000256551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9b06a6cd036ef2023-02-08 09:41:13.111root 11241100x8000000000000000256550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d1d49a7a54fc12023-02-08 09:41:13.111root 11241100x8000000000000000256549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade1d58f064ccde2023-02-08 09:41:13.111root 11241100x8000000000000000256548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78bcd42ece30eb2023-02-08 09:41:13.111root 11241100x8000000000000000256563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf21d0694e05ac02023-02-08 09:41:13.112root 11241100x8000000000000000256562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f95c445cce6e4c2023-02-08 09:41:13.112root 11241100x8000000000000000256561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253ad5b7d478f0d2023-02-08 09:41:13.112root 11241100x8000000000000000256560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d467b5a112c118452023-02-08 09:41:13.112root 11241100x8000000000000000256559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57e2829492d06f2023-02-08 09:41:13.112root 11241100x8000000000000000256558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d6c2a93a42eaa2023-02-08 09:41:13.112root 11241100x8000000000000000256557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d2b6a355e84ef42023-02-08 09:41:13.112root 11241100x8000000000000000256556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa2b0b57e1549e32023-02-08 09:41:13.112root 11241100x8000000000000000256555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70489c9521d804a2023-02-08 09:41:13.112root 11241100x8000000000000000256554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b13a9a1934be82023-02-08 09:41:13.112root 11241100x8000000000000000256553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d72c54e7f73a912023-02-08 09:41:13.112root 11241100x8000000000000000256571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b3ae844879ecbf2023-02-08 09:41:13.113root 11241100x8000000000000000256570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490fac488ab04e812023-02-08 09:41:13.113root 11241100x8000000000000000256569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ba6a04e1c59692023-02-08 09:41:13.113root 11241100x8000000000000000256568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093c5c08b466a772023-02-08 09:41:13.113root 11241100x8000000000000000256567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1675e7f13b01552023-02-08 09:41:13.113root 11241100x8000000000000000256566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba5362aaf7220462023-02-08 09:41:13.113root 11241100x8000000000000000256565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472bd3d527ebb282023-02-08 09:41:13.113root 11241100x8000000000000000256564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460f19fbc757d1ba2023-02-08 09:41:13.113root 11241100x8000000000000000256574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ad2491c9aa18fa2023-02-08 09:41:13.114root 11241100x8000000000000000256573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eea1da0007eb172023-02-08 09:41:13.114root 11241100x8000000000000000256572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09908d0f0a3e7af72023-02-08 09:41:13.114root 11241100x8000000000000000256579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6567fa3c123d6542023-02-08 09:41:13.115root 11241100x8000000000000000256578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29878cfecab9b032023-02-08 09:41:13.115root 11241100x8000000000000000256577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0ce6d7a4b39db2023-02-08 09:41:13.115root 11241100x8000000000000000256576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b848349f042792023-02-08 09:41:13.115root 11241100x8000000000000000256575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce521b307f789f762023-02-08 09:41:13.115root 11241100x8000000000000000256587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc28c1f3ba9b7902023-02-08 09:41:13.116root 11241100x8000000000000000256586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e7a669a1068872023-02-08 09:41:13.116root 11241100x8000000000000000256585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e51d6cd66d13f72023-02-08 09:41:13.116root 11241100x8000000000000000256584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae99ccf5eeedba842023-02-08 09:41:13.116root 11241100x8000000000000000256583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd1bd128e60382b2023-02-08 09:41:13.116root 11241100x8000000000000000256582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705d5c3029f607a62023-02-08 09:41:13.116root 11241100x8000000000000000256581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87e5a35659872c2023-02-08 09:41:13.116root 11241100x8000000000000000256580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0f04bad6ada142023-02-08 09:41:13.116root 11241100x8000000000000000256594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956fc4a45f40a592023-02-08 09:41:13.117root 11241100x8000000000000000256593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe412973757c68672023-02-08 09:41:13.117root 11241100x8000000000000000256592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80534f06e884b3d02023-02-08 09:41:13.117root 11241100x8000000000000000256591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c7d87ebbcb2b82023-02-08 09:41:13.117root 11241100x8000000000000000256590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d6fe9bd5f33d62023-02-08 09:41:13.117root 11241100x8000000000000000256589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b1047060a9ef372023-02-08 09:41:13.117root 11241100x8000000000000000256588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f78872558c43d2023-02-08 09:41:13.117root 11241100x8000000000000000256604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83b70522eb83fe2023-02-08 09:41:13.118root 11241100x8000000000000000256603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b37e63536e4c0832023-02-08 09:41:13.118root 11241100x8000000000000000256602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d785f3a2ecc34f92023-02-08 09:41:13.118root 11241100x8000000000000000256601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0870d410ccba51fd2023-02-08 09:41:13.118root 11241100x8000000000000000256600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e2099f980157d2023-02-08 09:41:13.118root 11241100x8000000000000000256599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c3567f4cd38a612023-02-08 09:41:13.118root 11241100x8000000000000000256598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583a2594006a4a62023-02-08 09:41:13.118root 11241100x8000000000000000256597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ac6fc6d610dcf12023-02-08 09:41:13.118root 11241100x8000000000000000256596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36fd4b63f1d2ab2023-02-08 09:41:13.118root 11241100x8000000000000000256595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94688880f7e8952023-02-08 09:41:13.118root 11241100x8000000000000000256609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37dd3b192e643162023-02-08 09:41:13.119root 11241100x8000000000000000256608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f58991160b48ecd2023-02-08 09:41:13.119root 11241100x8000000000000000256607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e4e999b49e0d7d2023-02-08 09:41:13.119root 11241100x8000000000000000256606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990dcfcfb14431d82023-02-08 09:41:13.119root 11241100x8000000000000000256605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f743d57ad0503092023-02-08 09:41:13.119root 11241100x8000000000000000256615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96e227372d16f072023-02-08 09:41:13.120root 11241100x8000000000000000256614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eb29fc3542ba82023-02-08 09:41:13.120root 11241100x8000000000000000256613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56bc26cb7430d32023-02-08 09:41:13.120root 11241100x8000000000000000256612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0480c86e43de8db2023-02-08 09:41:13.120root 11241100x8000000000000000256611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07604e4349757e72023-02-08 09:41:13.120root 11241100x8000000000000000256610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c34bf5a826fe22023-02-08 09:41:13.120root 11241100x8000000000000000256617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865101d672568e4b2023-02-08 09:41:13.121root 11241100x8000000000000000256616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68111f883890aec42023-02-08 09:41:13.121root 11241100x8000000000000000256622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ab5b6cc6b861c22023-02-08 09:41:13.122root 11241100x8000000000000000256621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818756b8ca0ce952023-02-08 09:41:13.122root 11241100x8000000000000000256620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145544ece67e04662023-02-08 09:41:13.122root 11241100x8000000000000000256619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbb8d47281a45262023-02-08 09:41:13.122root 11241100x8000000000000000256618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b254fffd22362412023-02-08 09:41:13.122root 11241100x8000000000000000256626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8ff93573d61032023-02-08 09:41:13.485root 11241100x8000000000000000256625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2147b7cf700c83b2023-02-08 09:41:13.485root 11241100x8000000000000000256624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318aa1684f3666c2023-02-08 09:41:13.485root 11241100x8000000000000000256623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5463e38dc2d4892023-02-08 09:41:13.485root 11241100x8000000000000000256638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b4277fd5f1db02023-02-08 09:41:13.486root 11241100x8000000000000000256637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a91f13006a1ec42023-02-08 09:41:13.486root 11241100x8000000000000000256636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853f2b46274337672023-02-08 09:41:13.486root 11241100x8000000000000000256635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990bb04b04f1eb42023-02-08 09:41:13.486root 11241100x8000000000000000256634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063cf56b497fca142023-02-08 09:41:13.486root 11241100x8000000000000000256633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed5f8a465c9f502023-02-08 09:41:13.486root 11241100x8000000000000000256632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bacc97e7367b32023-02-08 09:41:13.486root 11241100x8000000000000000256631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e8ea8f2f146c42023-02-08 09:41:13.486root 11241100x8000000000000000256630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56a41bb2db6a012023-02-08 09:41:13.486root 11241100x8000000000000000256629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42114290095ce88a2023-02-08 09:41:13.486root 11241100x8000000000000000256628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62bfebc8d88f4072023-02-08 09:41:13.486root 11241100x8000000000000000256627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c7999f650877c82023-02-08 09:41:13.486root 11241100x8000000000000000256640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32727c9dab2812023-02-08 09:41:13.487root 11241100x8000000000000000256639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdd0299b921a2ba2023-02-08 09:41:13.487root 11241100x8000000000000000256649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a2916d2a2633e72023-02-08 09:41:13.488root 11241100x8000000000000000256648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa0182f62fbfc52023-02-08 09:41:13.488root 11241100x8000000000000000256647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d1843ea2b3ca02023-02-08 09:41:13.488root 11241100x8000000000000000256646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ea7c8cd7fb5eeb2023-02-08 09:41:13.488root 11241100x8000000000000000256645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1b6787880c4ec2023-02-08 09:41:13.488root 11241100x8000000000000000256644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772beafc4c8296d22023-02-08 09:41:13.488root 11241100x8000000000000000256643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ffe0ac360ece02023-02-08 09:41:13.488root 11241100x8000000000000000256642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05094f1f171d16aa2023-02-08 09:41:13.488root 11241100x8000000000000000256641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0e19c24c21b5b2023-02-08 09:41:13.488root 11241100x8000000000000000256652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672794cc4e62c792023-02-08 09:41:13.489root 11241100x8000000000000000256651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088dba22bc2433072023-02-08 09:41:13.489root 11241100x8000000000000000256650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e061289019f01f802023-02-08 09:41:13.489root 11241100x8000000000000000256659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978326ff4c93ed542023-02-08 09:41:13.496root 11241100x8000000000000000256658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23485a47fce4f22023-02-08 09:41:13.496root 11241100x8000000000000000256657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f464fb93ceb5e172023-02-08 09:41:13.496root 11241100x8000000000000000256656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780285a2deb9834d2023-02-08 09:41:13.496root 11241100x8000000000000000256655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaecceec195b9d12023-02-08 09:41:13.496root 11241100x8000000000000000256654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61978aa8a99015b82023-02-08 09:41:13.496root 11241100x8000000000000000256653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6b03f5ec850092023-02-08 09:41:13.496root 11241100x8000000000000000256667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c4a7b90778df52023-02-08 09:41:13.497root 11241100x8000000000000000256666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885ff83717da4332023-02-08 09:41:13.497root 11241100x8000000000000000256665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f026dcf29fb2a3aa2023-02-08 09:41:13.497root 11241100x8000000000000000256664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c29ef8eb78057d2023-02-08 09:41:13.497root 11241100x8000000000000000256663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c35462fc44cb22023-02-08 09:41:13.497root 11241100x8000000000000000256662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9989113bd21051e2023-02-08 09:41:13.497root 11241100x8000000000000000256661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32437ad162bbc03b2023-02-08 09:41:13.497root 11241100x8000000000000000256660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d7c8e4b80a87c2023-02-08 09:41:13.497root 11241100x8000000000000000256677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1943745523c9e422023-02-08 09:41:13.985root 11241100x8000000000000000256676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200be8c0e91bd3342023-02-08 09:41:13.985root 11241100x8000000000000000256675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52440fea57ae50192023-02-08 09:41:13.985root 11241100x8000000000000000256674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d87519b80453fe2023-02-08 09:41:13.985root 11241100x8000000000000000256673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f9f9d6919de842023-02-08 09:41:13.985root 11241100x8000000000000000256672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0ccfbd451f8162023-02-08 09:41:13.985root 11241100x8000000000000000256671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd9db4917d145f2023-02-08 09:41:13.985root 11241100x8000000000000000256670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d522e03ada477492023-02-08 09:41:13.985root 11241100x8000000000000000256669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2353bcc8abb4cbd2023-02-08 09:41:13.985root 11241100x8000000000000000256668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd758442d7f5eec82023-02-08 09:41:13.985root 11241100x8000000000000000256686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929cea2c33015c02023-02-08 09:41:13.986root 11241100x8000000000000000256685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc345009a4e3a1822023-02-08 09:41:13.986root 11241100x8000000000000000256684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751a5e59023730b2023-02-08 09:41:13.986root 11241100x8000000000000000256683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d48f8b0c3cc9b52023-02-08 09:41:13.986root 11241100x8000000000000000256682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436bb4be20f8f4a2023-02-08 09:41:13.986root 11241100x8000000000000000256681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a607fa5dd328132023-02-08 09:41:13.986root 11241100x8000000000000000256680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca8822906476652023-02-08 09:41:13.986root 11241100x8000000000000000256679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee959355050b2cdb2023-02-08 09:41:13.986root 11241100x8000000000000000256678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c93c3f27c7bb4802023-02-08 09:41:13.986root 11241100x8000000000000000256696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d298b571ee7850c22023-02-08 09:41:13.987root 11241100x8000000000000000256695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198e964245497d22023-02-08 09:41:13.987root 11241100x8000000000000000256694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d8c9a84a842d42023-02-08 09:41:13.987root 11241100x8000000000000000256693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3885b2329044cf2023-02-08 09:41:13.987root 11241100x8000000000000000256692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf0d347ffd24122023-02-08 09:41:13.987root 11241100x8000000000000000256691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b093eff3dea9ad2023-02-08 09:41:13.987root 11241100x8000000000000000256690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5af7747fff0f3e2023-02-08 09:41:13.987root 11241100x8000000000000000256689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f589da7acf190212023-02-08 09:41:13.987root 11241100x8000000000000000256688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88aa8311bff3612023-02-08 09:41:13.987root 11241100x8000000000000000256687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881bd3e0df195d742023-02-08 09:41:13.987root 11241100x8000000000000000256706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75502ffc7d4e67da2023-02-08 09:41:13.988root 11241100x8000000000000000256705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828bb91d405127b22023-02-08 09:41:13.988root 11241100x8000000000000000256704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b004d2c1865ac312023-02-08 09:41:13.988root 11241100x8000000000000000256703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398dffc254ad5f802023-02-08 09:41:13.988root 11241100x8000000000000000256702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcbe7b39cdec97c2023-02-08 09:41:13.988root 11241100x8000000000000000256701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab26f5000b3865c2023-02-08 09:41:13.988root 11241100x8000000000000000256700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c01a949453b7aa2023-02-08 09:41:13.988root 11241100x8000000000000000256699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845a220c3007d632023-02-08 09:41:13.988root 11241100x8000000000000000256698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89cdb49baad1732023-02-08 09:41:13.988root 11241100x8000000000000000256697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2f416660682382023-02-08 09:41:13.988root 11241100x8000000000000000256710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2643495dc691ccb2023-02-08 09:41:13.989root 11241100x8000000000000000256709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad484504e687ca422023-02-08 09:41:13.989root 11241100x8000000000000000256708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d58b9fb0d021ca2023-02-08 09:41:13.989root 11241100x8000000000000000256707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053394c4a87b5a42023-02-08 09:41:13.989root 11241100x8000000000000000256713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa7faf60df1f6a2023-02-08 09:41:13.990root 11241100x8000000000000000256712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117cc95cc00d9fb2023-02-08 09:41:13.990root 11241100x8000000000000000256711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b08648ceb54682023-02-08 09:41:13.990root 11241100x8000000000000000256720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b373012ef0120b02023-02-08 09:41:14.484root 11241100x8000000000000000256719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d011fcc31c0aa412023-02-08 09:41:14.484root 11241100x8000000000000000256718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59b96d59fb30992023-02-08 09:41:14.484root 11241100x8000000000000000256717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08e1ef50e922262023-02-08 09:41:14.484root 11241100x8000000000000000256716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a59f187992e7a422023-02-08 09:41:14.484root 11241100x8000000000000000256715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8339090248550b0e2023-02-08 09:41:14.484root 11241100x8000000000000000256714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc8aa69f47d0ba2023-02-08 09:41:14.484root 11241100x8000000000000000256728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb912f4ef9947bb2023-02-08 09:41:14.485root 11241100x8000000000000000256727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507b1341a50a3a02023-02-08 09:41:14.485root 11241100x8000000000000000256726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed034b1151da972023-02-08 09:41:14.485root 11241100x8000000000000000256725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c03dada5a8d982023-02-08 09:41:14.485root 11241100x8000000000000000256724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6613eeef1d4288f12023-02-08 09:41:14.485root 11241100x8000000000000000256723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c65586047eadf2023-02-08 09:41:14.485root 11241100x8000000000000000256722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02db88e678f126a2023-02-08 09:41:14.485root 11241100x8000000000000000256721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3b39fcdf07cc902023-02-08 09:41:14.485root 11241100x8000000000000000256737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0268ae5b9ed3d4d52023-02-08 09:41:14.486root 11241100x8000000000000000256736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912996632af2cbc2023-02-08 09:41:14.486root 11241100x8000000000000000256735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c87188f665f1ad2023-02-08 09:41:14.486root 11241100x8000000000000000256734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec74a58467bc07f2023-02-08 09:41:14.486root 11241100x8000000000000000256733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5274d11e4cb282023-02-08 09:41:14.486root 11241100x8000000000000000256732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bc99844d8be952023-02-08 09:41:14.486root 11241100x8000000000000000256731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd0269aee469752023-02-08 09:41:14.486root 11241100x8000000000000000256730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786b7139d7c2b072023-02-08 09:41:14.486root 11241100x8000000000000000256729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f2de63b5ad9752023-02-08 09:41:14.486root 11241100x8000000000000000256747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84afccfdbcdd4fef2023-02-08 09:41:14.487root 11241100x8000000000000000256746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcfca03e91bc8492023-02-08 09:41:14.487root 11241100x8000000000000000256745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799372bbc1216b3b2023-02-08 09:41:14.487root 11241100x8000000000000000256744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8729aeaecceae7b2023-02-08 09:41:14.487root 11241100x8000000000000000256743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7139d47c7000b2023-02-08 09:41:14.487root 11241100x8000000000000000256742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627f96e76d74f502023-02-08 09:41:14.487root 11241100x8000000000000000256741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfe217a5e66bad52023-02-08 09:41:14.487root 11241100x8000000000000000256740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33705f1c355633d82023-02-08 09:41:14.487root 11241100x8000000000000000256739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b661632c58b81b52023-02-08 09:41:14.487root 11241100x8000000000000000256738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b441b46c48dc2702023-02-08 09:41:14.487root 11241100x8000000000000000256759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0a5e6ac913c2d2023-02-08 09:41:14.488root 11241100x8000000000000000256758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a85c7fa39469d02023-02-08 09:41:14.488root 11241100x8000000000000000256757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc82ef9c0beccb22023-02-08 09:41:14.488root 11241100x8000000000000000256756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25198f281b3143bd2023-02-08 09:41:14.488root 11241100x8000000000000000256755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae49cb196eb3a4f2023-02-08 09:41:14.488root 11241100x8000000000000000256754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e78ab938096feaa2023-02-08 09:41:14.488root 11241100x8000000000000000256753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243a53f2d2f9672d2023-02-08 09:41:14.488root 11241100x8000000000000000256752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc599f19a3e49b742023-02-08 09:41:14.488root 11241100x8000000000000000256751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb8157cf701331d2023-02-08 09:41:14.488root 11241100x8000000000000000256750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1811f6d9d99422982023-02-08 09:41:14.488root 11241100x8000000000000000256749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a9825bea1bfcb2023-02-08 09:41:14.488root 11241100x8000000000000000256748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03647db8bebfb4f92023-02-08 09:41:14.488root 11241100x8000000000000000256766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fe31df5650f9352023-02-08 09:41:14.489root 11241100x8000000000000000256765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74dc49bf11e3912023-02-08 09:41:14.489root 11241100x8000000000000000256764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cae7f663c28c472023-02-08 09:41:14.489root 11241100x8000000000000000256763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b681c32db8f162023-02-08 09:41:14.489root 11241100x8000000000000000256762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679403530631913b2023-02-08 09:41:14.489root 11241100x8000000000000000256761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59776dfe5b35cc8a2023-02-08 09:41:14.489root 11241100x8000000000000000256760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099f70b1425b6242023-02-08 09:41:14.489root 11241100x8000000000000000256774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541196e41f09d8c72023-02-08 09:41:14.984root 11241100x8000000000000000256773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff16433f4f187802023-02-08 09:41:14.984root 11241100x8000000000000000256772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90a2a3d2b4c2a22023-02-08 09:41:14.984root 11241100x8000000000000000256771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4940cc18915eb2023-02-08 09:41:14.984root 11241100x8000000000000000256770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d75ee489c9e262023-02-08 09:41:14.984root 11241100x8000000000000000256769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f6cdcf6d388e12023-02-08 09:41:14.984root 11241100x8000000000000000256768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460db22c2f4296a2023-02-08 09:41:14.984root 11241100x8000000000000000256767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c5dc4fcf656452023-02-08 09:41:14.984root 11241100x8000000000000000256784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2df6e45e8dc7202023-02-08 09:41:14.985root 11241100x8000000000000000256783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdceaf1c330094a62023-02-08 09:41:14.985root 11241100x8000000000000000256782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e47790f4a1604a2023-02-08 09:41:14.985root 11241100x8000000000000000256781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6354aac6dd857f42023-02-08 09:41:14.985root 11241100x8000000000000000256780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8d0d17b9ee7d952023-02-08 09:41:14.985root 11241100x8000000000000000256779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7b5524ef2a7c22023-02-08 09:41:14.985root 11241100x8000000000000000256778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a7d463892af55c2023-02-08 09:41:14.985root 11241100x8000000000000000256777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e499ec2795883b092023-02-08 09:41:14.985root 11241100x8000000000000000256776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a56e529c2277d2023-02-08 09:41:14.985root 11241100x8000000000000000256775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df98e369ddb21e2023-02-08 09:41:14.985root 11241100x8000000000000000256795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540d2768ff1090b2023-02-08 09:41:14.986root 11241100x8000000000000000256794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea3218f53007452023-02-08 09:41:14.986root 11241100x8000000000000000256793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0c60556e204d22023-02-08 09:41:14.986root 11241100x8000000000000000256792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d9f59a3648e6d2023-02-08 09:41:14.986root 11241100x8000000000000000256791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157cf9e732b02f172023-02-08 09:41:14.986root 11241100x8000000000000000256790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305fbfe75e46484e2023-02-08 09:41:14.986root 11241100x8000000000000000256789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357048366171c2e2023-02-08 09:41:14.986root 11241100x8000000000000000256788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62102b1a98658f942023-02-08 09:41:14.986root 11241100x8000000000000000256787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefb4a6ebb7b48f2023-02-08 09:41:14.986root 11241100x8000000000000000256786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f2c57a9147bd12023-02-08 09:41:14.986root 11241100x8000000000000000256785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321942242d4ad7b2023-02-08 09:41:14.986root 11241100x8000000000000000256804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de5741fac76e302023-02-08 09:41:14.987root 11241100x8000000000000000256803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daa0a571d8ddccd2023-02-08 09:41:14.987root 11241100x8000000000000000256802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb367aae46f3d902023-02-08 09:41:14.987root 11241100x8000000000000000256801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc39907b1365ce72023-02-08 09:41:14.987root 11241100x8000000000000000256800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3a97a5b2137de42023-02-08 09:41:14.987root 11241100x8000000000000000256799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b6904a0fd93ef2023-02-08 09:41:14.987root 11241100x8000000000000000256798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44f571f2f541d6c2023-02-08 09:41:14.987root 11241100x8000000000000000256797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504c3756bcf878c42023-02-08 09:41:14.987root 11241100x8000000000000000256796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6972b14a620702023-02-08 09:41:14.987root 11241100x8000000000000000256814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6928c4f1dcbb4df2023-02-08 09:41:14.988root 11241100x8000000000000000256813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e210c5d0e84572023-02-08 09:41:14.988root 11241100x8000000000000000256812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db74094bb4cfbb2023-02-08 09:41:14.988root 11241100x8000000000000000256811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998110ea05465e7d2023-02-08 09:41:14.988root 11241100x8000000000000000256810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085152755f6d4ab92023-02-08 09:41:14.988root 11241100x8000000000000000256809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb17846fae500932023-02-08 09:41:14.988root 11241100x8000000000000000256808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c148fa1da535322023-02-08 09:41:14.988root 11241100x8000000000000000256807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1018265102ada0d2023-02-08 09:41:14.988root 11241100x8000000000000000256806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787692ce4c990f0d2023-02-08 09:41:14.988root 11241100x8000000000000000256805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc207a26800fa12023-02-08 09:41:14.988root 11241100x8000000000000000256818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5512b1b6475802023-02-08 09:41:14.989root 11241100x8000000000000000256817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8e8d8e0898e95d2023-02-08 09:41:14.989root 11241100x8000000000000000256816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e0d51a2121c9f2023-02-08 09:41:14.989root 11241100x8000000000000000256815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d905dc52d629672023-02-08 09:41:14.989root 11241100x8000000000000000256825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651731ce3ca8d1f02023-02-08 09:41:15.484root 11241100x8000000000000000256824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dac9bb78a6c4af2023-02-08 09:41:15.484root 11241100x8000000000000000256823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183032413bdd93702023-02-08 09:41:15.484root 11241100x8000000000000000256822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d4c4794f2e78a2023-02-08 09:41:15.484root 11241100x8000000000000000256821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ccde65b454cfe2023-02-08 09:41:15.484root 11241100x8000000000000000256820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad80d9cbb1414fbc2023-02-08 09:41:15.484root 11241100x8000000000000000256819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5a8149857cc2242023-02-08 09:41:15.484root 11241100x8000000000000000256832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9307def9d186ac3b2023-02-08 09:41:15.485root 11241100x8000000000000000256831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5c52573eca8dd2023-02-08 09:41:15.485root 11241100x8000000000000000256830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d93af56d4c3702023-02-08 09:41:15.485root 11241100x8000000000000000256829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93a8f87e9d158982023-02-08 09:41:15.485root 11241100x8000000000000000256828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6134465dae8842023-02-08 09:41:15.485root 11241100x8000000000000000256827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d89c09a990fed32023-02-08 09:41:15.485root 11241100x8000000000000000256826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6a447c5d39ac62023-02-08 09:41:15.485root 11241100x8000000000000000256841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f37213dae1fc12023-02-08 09:41:15.486root 11241100x8000000000000000256840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290d831d949a9b32023-02-08 09:41:15.486root 11241100x8000000000000000256839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a83e23b6cd44272023-02-08 09:41:15.486root 11241100x8000000000000000256838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f117af963771f42023-02-08 09:41:15.486root 11241100x8000000000000000256837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fedfb815a165262023-02-08 09:41:15.486root 11241100x8000000000000000256836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02830b6b6603232023-02-08 09:41:15.486root 11241100x8000000000000000256835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28471c69460a57712023-02-08 09:41:15.486root 11241100x8000000000000000256834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656d5567af372f222023-02-08 09:41:15.486root 11241100x8000000000000000256833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d90356615e6e38c2023-02-08 09:41:15.486root 11241100x8000000000000000256849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d22a52f0472c62023-02-08 09:41:15.487root 11241100x8000000000000000256848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31cddf467cfa902023-02-08 09:41:15.487root 11241100x8000000000000000256847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df837d937df2ba372023-02-08 09:41:15.487root 11241100x8000000000000000256846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c953dba743fd312023-02-08 09:41:15.487root 11241100x8000000000000000256845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dedf6f16f7a93422023-02-08 09:41:15.487root 11241100x8000000000000000256844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278728b79c5d9d32023-02-08 09:41:15.487root 11241100x8000000000000000256843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeef354447a70e82023-02-08 09:41:15.487root 11241100x8000000000000000256842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf77c699a5950e2023-02-08 09:41:15.487root 11241100x8000000000000000256855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7209174dc339b4bc2023-02-08 09:41:15.488root 11241100x8000000000000000256854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a422fcac13b528c2023-02-08 09:41:15.488root 11241100x8000000000000000256853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94d22901609ba622023-02-08 09:41:15.488root 11241100x8000000000000000256852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25569d43f70da2892023-02-08 09:41:15.488root 11241100x8000000000000000256851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d51a7f948d53a12023-02-08 09:41:15.488root 11241100x8000000000000000256850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e5d3a8bb8bffa92023-02-08 09:41:15.488root 11241100x8000000000000000256863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2d5cb8d2c76c82023-02-08 09:41:15.489root 11241100x8000000000000000256862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eeac2ef6a427e52023-02-08 09:41:15.489root 11241100x8000000000000000256861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebfe319ac53e7a52023-02-08 09:41:15.489root 11241100x8000000000000000256860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bf9716ebc5d8b2023-02-08 09:41:15.489root 11241100x8000000000000000256859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a771b9cc4e670eb12023-02-08 09:41:15.489root 11241100x8000000000000000256858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c68559898bf6822023-02-08 09:41:15.489root 11241100x8000000000000000256857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a348450d6e32eaf22023-02-08 09:41:15.489root 11241100x8000000000000000256856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6029551ef2b852023-02-08 09:41:15.489root 11241100x8000000000000000256872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288793ecc4468cfc2023-02-08 09:41:15.490root 11241100x8000000000000000256871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983da354d172cef12023-02-08 09:41:15.490root 11241100x8000000000000000256870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47279d09a6ce60da2023-02-08 09:41:15.490root 11241100x8000000000000000256869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc71ea9de259d1062023-02-08 09:41:15.490root 11241100x8000000000000000256868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b224eec5b13c02023-02-08 09:41:15.490root 11241100x8000000000000000256867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea067c59907933e2023-02-08 09:41:15.490root 11241100x8000000000000000256866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e46741d5b011d22023-02-08 09:41:15.490root 11241100x8000000000000000256865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c05f40c6763a22023-02-08 09:41:15.490root 11241100x8000000000000000256864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ef69e9cb847ad82023-02-08 09:41:15.490root 11241100x8000000000000000256879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f030b7c5c61da442023-02-08 09:41:15.491root 11241100x8000000000000000256878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ed36a6248da4e2023-02-08 09:41:15.491root 11241100x8000000000000000256877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997c8cbb025de9502023-02-08 09:41:15.491root 11241100x8000000000000000256876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6956eb1da6995fe92023-02-08 09:41:15.491root 11241100x8000000000000000256875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f439483225f5a72023-02-08 09:41:15.491root 11241100x8000000000000000256874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d773dfcd065f64dd2023-02-08 09:41:15.491root 11241100x8000000000000000256873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae7813a78b721822023-02-08 09:41:15.491root 11241100x8000000000000000256882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c31a0730825ed2023-02-08 09:41:15.492root 11241100x8000000000000000256881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c13537a66477b632023-02-08 09:41:15.492root 11241100x8000000000000000256880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefbd38ad7ebd89e2023-02-08 09:41:15.492root 11241100x8000000000000000256888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105ab4eeb83d46d2023-02-08 09:41:15.984root 11241100x8000000000000000256887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180afaf33c2e60622023-02-08 09:41:15.984root 11241100x8000000000000000256886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152cd06d48b07cb92023-02-08 09:41:15.984root 11241100x8000000000000000256885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0314ebdd26ca162023-02-08 09:41:15.984root 11241100x8000000000000000256884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4943f39d4ceb28c2023-02-08 09:41:15.984root 11241100x8000000000000000256883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6666ac943cd14b2023-02-08 09:41:15.984root 11241100x8000000000000000256896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f547356f6a8062023-02-08 09:41:15.985root 11241100x8000000000000000256895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37c20b30952ea22023-02-08 09:41:15.985root 11241100x8000000000000000256894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3abc14da6e6c0842023-02-08 09:41:15.985root 11241100x8000000000000000256893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e12cd1318d0937d2023-02-08 09:41:15.985root 11241100x8000000000000000256892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f42149e98dbd592023-02-08 09:41:15.985root 11241100x8000000000000000256891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93863825e2f379fd2023-02-08 09:41:15.985root 11241100x8000000000000000256890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7fdd454d04f9ea2023-02-08 09:41:15.985root 11241100x8000000000000000256889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c414219ce1035e82023-02-08 09:41:15.985root 11241100x8000000000000000256906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e298587330dc72023-02-08 09:41:15.986root 11241100x8000000000000000256905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506ccf2669a0ef902023-02-08 09:41:15.986root 11241100x8000000000000000256904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f71168a5415042023-02-08 09:41:15.986root 11241100x8000000000000000256903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17904fc4c0f47dba2023-02-08 09:41:15.986root 11241100x8000000000000000256902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffafc1713bd558662023-02-08 09:41:15.986root 11241100x8000000000000000256901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdf7142402589272023-02-08 09:41:15.986root 11241100x8000000000000000256900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8373ce36603084d12023-02-08 09:41:15.986root 11241100x8000000000000000256899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0abb5c09e6ca42023-02-08 09:41:15.986root 11241100x8000000000000000256898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2808158609e5572023-02-08 09:41:15.986root 11241100x8000000000000000256897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c541cf53d9cbbe2023-02-08 09:41:15.986root 11241100x8000000000000000256909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd341b3e1422972023-02-08 09:41:15.987root 11241100x8000000000000000256908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6f06ef31046c972023-02-08 09:41:15.987root 11241100x8000000000000000256907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cbb0e062b88a642023-02-08 09:41:15.987root 11241100x8000000000000000256918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7c4c173c8bf54f2023-02-08 09:41:15.989root 11241100x8000000000000000256917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105bbb1f9811d3e12023-02-08 09:41:15.989root 11241100x8000000000000000256916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06746334f11b83ac2023-02-08 09:41:15.989root 11241100x8000000000000000256915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268d582f7bbdbd102023-02-08 09:41:15.989root 11241100x8000000000000000256914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c193f9c2ec04f9f82023-02-08 09:41:15.989root 11241100x8000000000000000256913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f2e0d0dbc6711f2023-02-08 09:41:15.989root 11241100x8000000000000000256912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac583fdf3268ac222023-02-08 09:41:15.989root 11241100x8000000000000000256911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6413fee9a5ff7cb32023-02-08 09:41:15.989root 11241100x8000000000000000256910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc9202b202e5bf2023-02-08 09:41:15.989root 11241100x8000000000000000256932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7886034171309b32023-02-08 09:41:15.990root 11241100x8000000000000000256931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d3829018e1dcb2023-02-08 09:41:15.990root 11241100x8000000000000000256930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec27610528695682023-02-08 09:41:15.990root 11241100x8000000000000000256929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709b1cf642f69d642023-02-08 09:41:15.990root 11241100x8000000000000000256928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c087694e86ff612023-02-08 09:41:15.990root 11241100x8000000000000000256927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84050304f7779fd42023-02-08 09:41:15.990root 11241100x8000000000000000256926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b29879ad1da31d2023-02-08 09:41:15.990root 11241100x8000000000000000256925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ebd86d451fcae2023-02-08 09:41:15.990root 11241100x8000000000000000256924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e2edcd158abf7e2023-02-08 09:41:15.990root 11241100x8000000000000000256923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9fd856fc2632f2023-02-08 09:41:15.990root 11241100x8000000000000000256922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d971d72949bd8c2d2023-02-08 09:41:15.990root 11241100x8000000000000000256921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57a5da0fcf0b932023-02-08 09:41:15.990root 11241100x8000000000000000256920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fb87ae078e23532023-02-08 09:41:15.990root 11241100x8000000000000000256919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671255922e1f7aca2023-02-08 09:41:15.990root 11241100x8000000000000000256935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d74f6d408e33a2023-02-08 09:41:15.992root 11241100x8000000000000000256934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d854f69b944d572023-02-08 09:41:15.992root 11241100x8000000000000000256933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6815369b9e01edd2023-02-08 09:41:15.992root 11241100x8000000000000000256942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dbb95d58be93e2023-02-08 09:41:15.993root 11241100x8000000000000000256941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759c51c160098642023-02-08 09:41:15.993root 11241100x8000000000000000256940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9cbc6258bc5c62023-02-08 09:41:15.993root 11241100x8000000000000000256939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df79a221548e8e2023-02-08 09:41:15.993root 11241100x8000000000000000256938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783e77d5f535bf92023-02-08 09:41:15.993root 11241100x8000000000000000256937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0df88a5fc5dfa2023-02-08 09:41:15.993root 11241100x8000000000000000256936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56076b067c731c052023-02-08 09:41:15.993root 11241100x8000000000000000256946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ca24a8965bf6102023-02-08 09:41:15.994root 11241100x8000000000000000256945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540eff3ab41c275b2023-02-08 09:41:15.994root 11241100x8000000000000000256944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f0a626db4b9b12023-02-08 09:41:15.994root 11241100x8000000000000000256943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0add72c63701662023-02-08 09:41:15.994root 11241100x8000000000000000256947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0351ea8398a2692023-02-08 09:41:15.998root 11241100x8000000000000000256948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0a4c04308614782023-02-08 09:41:15.999root 11241100x8000000000000000256949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ab9401d149a6d2023-02-08 09:41:16.000root 11241100x8000000000000000256952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d0f463a7fa4432023-02-08 09:41:16.001root 11241100x8000000000000000256951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab07b67a19df2f2023-02-08 09:41:16.001root 11241100x8000000000000000256950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa629d6082daac102023-02-08 09:41:16.001root 11241100x8000000000000000256953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4b3e2643e4b88a2023-02-08 09:41:16.002root 11241100x8000000000000000256954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adf823ac587d842023-02-08 09:41:16.003root 11241100x8000000000000000256955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae837e9fbc2ec42023-02-08 09:41:16.484root 11241100x8000000000000000256963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d301dac02c795b2023-02-08 09:41:16.485root 11241100x8000000000000000256962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa88cfbb118e77002023-02-08 09:41:16.485root 11241100x8000000000000000256961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30de5fe05ab1cf2023-02-08 09:41:16.485root 11241100x8000000000000000256960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dcc7339789a0b42023-02-08 09:41:16.485root 11241100x8000000000000000256959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf814d9166d2edf2023-02-08 09:41:16.485root 11241100x8000000000000000256958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cc9a4f33a39722023-02-08 09:41:16.485root 11241100x8000000000000000256957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0208f22a19e45152023-02-08 09:41:16.485root 11241100x8000000000000000256956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd237d39b2e4f73b2023-02-08 09:41:16.485root 11241100x8000000000000000256970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07547bd6f5e76e792023-02-08 09:41:16.486root 11241100x8000000000000000256969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d96179570d3da52023-02-08 09:41:16.486root 11241100x8000000000000000256968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1affc3999096b982023-02-08 09:41:16.486root 11241100x8000000000000000256967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863bcfdd981eb3862023-02-08 09:41:16.486root 11241100x8000000000000000256966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f363e6206056982023-02-08 09:41:16.486root 11241100x8000000000000000256965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5b09500665c7a2023-02-08 09:41:16.486root 11241100x8000000000000000256964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b767ae9866f242023-02-08 09:41:16.486root 11241100x8000000000000000256980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f1314b195e54c2023-02-08 09:41:16.487root 11241100x8000000000000000256979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e58a440a6b6c6392023-02-08 09:41:16.487root 11241100x8000000000000000256978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610f5f3ca0fe9c82023-02-08 09:41:16.487root 11241100x8000000000000000256977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba821b0a209ef0302023-02-08 09:41:16.487root 11241100x8000000000000000256976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b303632a8a7d562023-02-08 09:41:16.487root 11241100x8000000000000000256975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e8cb64d979bd32023-02-08 09:41:16.487root 11241100x8000000000000000256974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b148a94a4789b02023-02-08 09:41:16.487root 11241100x8000000000000000256973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9fae947adeb592023-02-08 09:41:16.487root 11241100x8000000000000000256972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7872383911911c2023-02-08 09:41:16.487root 11241100x8000000000000000256971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6c369d563878e2023-02-08 09:41:16.487root 11241100x8000000000000000256990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6df835da56b902023-02-08 09:41:16.488root 11241100x8000000000000000256989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c172531fefade72023-02-08 09:41:16.488root 11241100x8000000000000000256988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5b62157203ccb2023-02-08 09:41:16.488root 11241100x8000000000000000256987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc033cf8fc3591f2023-02-08 09:41:16.488root 11241100x8000000000000000256986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fd5f48ebda1b6c2023-02-08 09:41:16.488root 11241100x8000000000000000256985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bad53057f42292023-02-08 09:41:16.488root 11241100x8000000000000000256984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599af15d101363072023-02-08 09:41:16.488root 11241100x8000000000000000256983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83cc979f7e00392023-02-08 09:41:16.488root 11241100x8000000000000000256982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54219767feae3c822023-02-08 09:41:16.488root 11241100x8000000000000000256981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122c6f98d0f659b2023-02-08 09:41:16.488root 11241100x8000000000000000256999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5be85c99a45afd02023-02-08 09:41:16.489root 11241100x8000000000000000256998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532e00c0a445f062023-02-08 09:41:16.489root 11241100x8000000000000000256997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aab25e39aeb6ed2023-02-08 09:41:16.489root 11241100x8000000000000000256996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000bde626948fb4d2023-02-08 09:41:16.489root 11241100x8000000000000000256995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ec360f0ff5aea2023-02-08 09:41:16.489root 11241100x8000000000000000256994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0c4fcf102414e2023-02-08 09:41:16.489root 11241100x8000000000000000256993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd6a5be4d18d512023-02-08 09:41:16.489root 11241100x8000000000000000256992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3927985bc568e502023-02-08 09:41:16.489root 11241100x8000000000000000256991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a945bbf31edc0e42023-02-08 09:41:16.489root 11241100x8000000000000000257000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b46869bfb7b052023-02-08 09:41:16.490root 11241100x8000000000000000257006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a045cdc624b352023-02-08 09:41:16.984root 11241100x8000000000000000257005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9a414f6c6780d2023-02-08 09:41:16.984root 11241100x8000000000000000257004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423ea162b1a2ce32023-02-08 09:41:16.984root 11241100x8000000000000000257003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dce2b37de498362023-02-08 09:41:16.984root 11241100x8000000000000000257002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dc5aa0215abe222023-02-08 09:41:16.984root 11241100x8000000000000000257001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a4e18ad011c82d2023-02-08 09:41:16.984root 11241100x8000000000000000257013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e51e680ad80952023-02-08 09:41:16.985root 11241100x8000000000000000257012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018de15cfc840c932023-02-08 09:41:16.985root 11241100x8000000000000000257011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6fb0b7c3a2249d2023-02-08 09:41:16.985root 11241100x8000000000000000257010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35149410208ddeef2023-02-08 09:41:16.985root 11241100x8000000000000000257009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b39a12088813442023-02-08 09:41:16.985root 11241100x8000000000000000257008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf435d8c17aad0732023-02-08 09:41:16.985root 11241100x8000000000000000257007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8988bedc139d4442023-02-08 09:41:16.985root 11241100x8000000000000000257025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95f2d4a0582c2a2023-02-08 09:41:16.986root 11241100x8000000000000000257024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdefa1b15a0b0fb2023-02-08 09:41:16.986root 11241100x8000000000000000257023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6083ee2fe3bfe4b12023-02-08 09:41:16.986root 11241100x8000000000000000257022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c086b8f865d37d632023-02-08 09:41:16.986root 11241100x8000000000000000257021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7ea88f8a4d4b12023-02-08 09:41:16.986root 11241100x8000000000000000257020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dab08b5383bb3da2023-02-08 09:41:16.986root 11241100x8000000000000000257019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd65dea57241312023-02-08 09:41:16.986root 11241100x8000000000000000257018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67241b0c451cb32e2023-02-08 09:41:16.986root 11241100x8000000000000000257017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4987689bd9053bc2023-02-08 09:41:16.986root 11241100x8000000000000000257016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d54a01487125c2023-02-08 09:41:16.986root 11241100x8000000000000000257015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9980acef918bc52023-02-08 09:41:16.986root 11241100x8000000000000000257014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011a8032aca4d9d2023-02-08 09:41:16.986root 11241100x8000000000000000257038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b53b4617a6d12a2023-02-08 09:41:16.987root 11241100x8000000000000000257037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a89f35f37f3b342023-02-08 09:41:16.987root 11241100x8000000000000000257036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fbbcaf4962cce62023-02-08 09:41:16.987root 11241100x8000000000000000257035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468f1f92dcd38932023-02-08 09:41:16.987root 11241100x8000000000000000257034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7916470d4439132023-02-08 09:41:16.987root 11241100x8000000000000000257033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1541ddf02f069812023-02-08 09:41:16.987root 11241100x8000000000000000257032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11317788904c89342023-02-08 09:41:16.987root 11241100x8000000000000000257031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10cd30ed9943662023-02-08 09:41:16.987root 11241100x8000000000000000257030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded0e481a4926b22023-02-08 09:41:16.987root 11241100x8000000000000000257029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f641132f774b922023-02-08 09:41:16.987root 11241100x8000000000000000257028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4e0d9e95be9a42023-02-08 09:41:16.987root 11241100x8000000000000000257027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1a40b054e6fc922023-02-08 09:41:16.987root 11241100x8000000000000000257026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e4600303cbc8c2023-02-08 09:41:16.987root 11241100x8000000000000000257051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdf1028ad1c1d592023-02-08 09:41:16.988root 11241100x8000000000000000257050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89198122b00a772023-02-08 09:41:16.988root 11241100x8000000000000000257049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867dd360c7228cb2023-02-08 09:41:16.988root 11241100x8000000000000000257048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50354ddbff083a2023-02-08 09:41:16.988root 11241100x8000000000000000257047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bd8cd9eb57aa72023-02-08 09:41:16.988root 11241100x8000000000000000257046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd312228580f07c2023-02-08 09:41:16.988root 11241100x8000000000000000257045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c2cb3c9bf370462023-02-08 09:41:16.988root 11241100x8000000000000000257044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c15d54f68bc72e12023-02-08 09:41:16.988root 11241100x8000000000000000257043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b57aae020e70afb2023-02-08 09:41:16.988root 11241100x8000000000000000257042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9979a2839d2e9f2023-02-08 09:41:16.988root 11241100x8000000000000000257041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7824f496fa8025e2023-02-08 09:41:16.988root 11241100x8000000000000000257040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07625750f1b6f32023-02-08 09:41:16.988root 11241100x8000000000000000257039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eaaabc2d94d2712023-02-08 09:41:16.988root 11241100x8000000000000000257059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dfe51e20fd15262023-02-08 09:41:16.989root 11241100x8000000000000000257058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea047ddc6b6063b72023-02-08 09:41:16.989root 11241100x8000000000000000257057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508dfadc2e7db832023-02-08 09:41:16.989root 11241100x8000000000000000257056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091a52a41efd423d2023-02-08 09:41:16.989root 11241100x8000000000000000257055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d516cb4feccf182023-02-08 09:41:16.989root 11241100x8000000000000000257054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bb671553993a72023-02-08 09:41:16.989root 11241100x8000000000000000257053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec70d5860db9062023-02-08 09:41:16.989root 11241100x8000000000000000257052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a839932496c948082023-02-08 09:41:16.989root 11241100x8000000000000000257061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a2e56e66433912023-02-08 09:41:17.484root 11241100x8000000000000000257060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26487e31e4a586052023-02-08 09:41:17.484root 11241100x8000000000000000257069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed3c47b8397e762023-02-08 09:41:17.485root 11241100x8000000000000000257068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6da474cd594f02023-02-08 09:41:17.485root 11241100x8000000000000000257067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2c72a4bc59cf2d2023-02-08 09:41:17.485root 11241100x8000000000000000257066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce798b57ec9815c22023-02-08 09:41:17.485root 11241100x8000000000000000257065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88932ba60231686d2023-02-08 09:41:17.485root 11241100x8000000000000000257064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148e31c10d49c8c62023-02-08 09:41:17.485root 11241100x8000000000000000257063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324b4d6f371ce242023-02-08 09:41:17.485root 11241100x8000000000000000257062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254b81898234f2682023-02-08 09:41:17.485root 11241100x8000000000000000257080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0621033b6605562023-02-08 09:41:17.486root 11241100x8000000000000000257079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a1e6a4bc76c9f2023-02-08 09:41:17.486root 11241100x8000000000000000257078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b92689e84809dfd2023-02-08 09:41:17.486root 11241100x8000000000000000257077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae92fa7f007d4c12023-02-08 09:41:17.486root 11241100x8000000000000000257076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b35d375bed3924b2023-02-08 09:41:17.486root 11241100x8000000000000000257075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044393217c6f6e5c2023-02-08 09:41:17.486root 11241100x8000000000000000257074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7079c5fac0791ad22023-02-08 09:41:17.486root 11241100x8000000000000000257073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4792d9b76e63f182023-02-08 09:41:17.486root 11241100x8000000000000000257072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c42622eef3ec8b2023-02-08 09:41:17.486root 11241100x8000000000000000257071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138892b36e357f622023-02-08 09:41:17.486root 11241100x8000000000000000257070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d0d33dd37e32ed2023-02-08 09:41:17.486root 11241100x8000000000000000257091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73beb3d38d401a0c2023-02-08 09:41:17.487root 11241100x8000000000000000257090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b493b7fc6da37c2023-02-08 09:41:17.487root 11241100x8000000000000000257089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af828680365afaf2023-02-08 09:41:17.487root 11241100x8000000000000000257088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b6b37ef24b5492023-02-08 09:41:17.487root 11241100x8000000000000000257087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed8326d11d00872023-02-08 09:41:17.487root 11241100x8000000000000000257086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b7df57066cffce2023-02-08 09:41:17.487root 11241100x8000000000000000257085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e6d48f0428edcd2023-02-08 09:41:17.487root 11241100x8000000000000000257084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0200ff8bacc7c9142023-02-08 09:41:17.487root 11241100x8000000000000000257083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071fab4cb255a4432023-02-08 09:41:17.487root 11241100x8000000000000000257082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623152a119448cb62023-02-08 09:41:17.487root 11241100x8000000000000000257081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7eccde81a6f1622023-02-08 09:41:17.487root 11241100x8000000000000000257103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8abe127150deec2023-02-08 09:41:17.488root 11241100x8000000000000000257102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5cf21f696a815d2023-02-08 09:41:17.488root 11241100x8000000000000000257101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2eb855b9eb5aa52023-02-08 09:41:17.488root 11241100x8000000000000000257100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe75ea88c7dd19f2023-02-08 09:41:17.488root 11241100x8000000000000000257099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56bdc030a1e5c752023-02-08 09:41:17.488root 11241100x8000000000000000257098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b9fdb375824c562023-02-08 09:41:17.488root 11241100x8000000000000000257097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155b64a03cc88d12023-02-08 09:41:17.488root 11241100x8000000000000000257096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a162b20448dfc2023-02-08 09:41:17.488root 11241100x8000000000000000257095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32341a1acec9d88b2023-02-08 09:41:17.488root 11241100x8000000000000000257094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2880a6a93aa572023-02-08 09:41:17.488root 11241100x8000000000000000257093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cc850b5d946dda2023-02-08 09:41:17.488root 11241100x8000000000000000257092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd729cb4d52c82d72023-02-08 09:41:17.488root 11241100x8000000000000000257113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00233a29c4765c62023-02-08 09:41:17.489root 11241100x8000000000000000257112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aba7e8eeed6d882023-02-08 09:41:17.489root 11241100x8000000000000000257111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f095ab2154b5892023-02-08 09:41:17.489root 11241100x8000000000000000257110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f925f1ced87cff0c2023-02-08 09:41:17.489root 11241100x8000000000000000257109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d229e7f1c8877a92023-02-08 09:41:17.489root 11241100x8000000000000000257108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e2f794339383152023-02-08 09:41:17.489root 11241100x8000000000000000257107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0703f322f37321292023-02-08 09:41:17.489root 11241100x8000000000000000257106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c084e6f3236d72023-02-08 09:41:17.489root 11241100x8000000000000000257105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af6297b16633da2023-02-08 09:41:17.489root 11241100x8000000000000000257104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bc86a778ef8902023-02-08 09:41:17.489root 11241100x8000000000000000257116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09326692003713ba2023-02-08 09:41:17.984root 11241100x8000000000000000257115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b684c5c047bb4f2023-02-08 09:41:17.984root 11241100x8000000000000000257114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884cbfffc2434492023-02-08 09:41:17.984root 11241100x8000000000000000257125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb63e76e2e8cb32023-02-08 09:41:17.985root 11241100x8000000000000000257124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7fbc27adbc037b2023-02-08 09:41:17.985root 11241100x8000000000000000257123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d8abead5682ac12023-02-08 09:41:17.985root 11241100x8000000000000000257122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0c61ce5af55f752023-02-08 09:41:17.985root 11241100x8000000000000000257121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27ccb8d130caac2023-02-08 09:41:17.985root 11241100x8000000000000000257120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e544ccda8c57a42023-02-08 09:41:17.985root 11241100x8000000000000000257119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334e9863e370a8522023-02-08 09:41:17.985root 11241100x8000000000000000257118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb1dc89b121acb42023-02-08 09:41:17.985root 11241100x8000000000000000257117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcb5308501a7402023-02-08 09:41:17.985root 11241100x8000000000000000257133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdb2778dac12c082023-02-08 09:41:17.986root 11241100x8000000000000000257132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e154d3e6c1540e2023-02-08 09:41:17.986root 11241100x8000000000000000257131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868def0b766fb112023-02-08 09:41:17.986root 11241100x8000000000000000257130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fba7651c488fe52023-02-08 09:41:17.986root 11241100x8000000000000000257129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49d29c310771dd02023-02-08 09:41:17.986root 11241100x8000000000000000257128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9dbc9d0dc08def2023-02-08 09:41:17.986root 11241100x8000000000000000257127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18ac21f5ab434652023-02-08 09:41:17.986root 11241100x8000000000000000257126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655fa45fb4e867532023-02-08 09:41:17.986root 11241100x8000000000000000257136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90db3687bef2ddd22023-02-08 09:41:17.987root 11241100x8000000000000000257135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce40334302c6cb2023-02-08 09:41:17.987root 11241100x8000000000000000257134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522e7ef362fe54d2023-02-08 09:41:17.987root 11241100x8000000000000000257142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de45e8d597ebf52023-02-08 09:41:17.988root 11241100x8000000000000000257141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067219cfcc8d8632023-02-08 09:41:17.988root 11241100x8000000000000000257140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb661d4b2df4f812023-02-08 09:41:17.988root 11241100x8000000000000000257139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b0aa3fd1cd01c2023-02-08 09:41:17.988root 11241100x8000000000000000257138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496eb6286199e49c2023-02-08 09:41:17.988root 11241100x8000000000000000257137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901aea99b362bace2023-02-08 09:41:17.988root 11241100x8000000000000000257149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37cf273434b7eae2023-02-08 09:41:17.989root 11241100x8000000000000000257148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a390e0ef576f3b2023-02-08 09:41:17.989root 11241100x8000000000000000257147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3418a4991b8cc5122023-02-08 09:41:17.989root 11241100x8000000000000000257146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c778c35eb7e74c02023-02-08 09:41:17.989root 11241100x8000000000000000257145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba46b2a05db463862023-02-08 09:41:17.989root 11241100x8000000000000000257144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504067bac61fa742023-02-08 09:41:17.989root 11241100x8000000000000000257143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a5264dffb72602023-02-08 09:41:17.989root 11241100x8000000000000000257157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d768fd16ace8832023-02-08 09:41:17.990root 11241100x8000000000000000257156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadc570dc6b7362023-02-08 09:41:17.990root 11241100x8000000000000000257155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050b7b0f35372a6f2023-02-08 09:41:17.990root 11241100x8000000000000000257154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a2de06de009502023-02-08 09:41:17.990root 11241100x8000000000000000257153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc97ac1a990b7752023-02-08 09:41:17.990root 11241100x8000000000000000257152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacefd8d1c0ea69f2023-02-08 09:41:17.990root 11241100x8000000000000000257151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97d714baf8dad82023-02-08 09:41:17.990root 11241100x8000000000000000257150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b01805e8c087f682023-02-08 09:41:17.990root 11241100x8000000000000000257160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485303f392d1f8e2023-02-08 09:41:17.991root 11241100x8000000000000000257159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f94874eb58bea82023-02-08 09:41:17.991root 11241100x8000000000000000257158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279aa36cfe8ef8812023-02-08 09:41:17.991root 11241100x8000000000000000257170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a1d8dac820a662023-02-08 09:41:18.485root 11241100x8000000000000000257169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fff604bc237fc42023-02-08 09:41:18.485root 11241100x8000000000000000257168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edd249a0ae545cd2023-02-08 09:41:18.485root 11241100x8000000000000000257167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab954191537d472023-02-08 09:41:18.485root 11241100x8000000000000000257166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f20609ec490012023-02-08 09:41:18.485root 11241100x8000000000000000257165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c681c5d42c4912023-02-08 09:41:18.485root 11241100x8000000000000000257164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d574da2c6ef082023-02-08 09:41:18.485root 11241100x8000000000000000257163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3878c9f8f8152622023-02-08 09:41:18.485root 11241100x8000000000000000257162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299bf8223ff7d3512023-02-08 09:41:18.485root 11241100x8000000000000000257161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116c8e9d9238ce32023-02-08 09:41:18.485root 11241100x8000000000000000257185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b1a9ebfb6f2ba72023-02-08 09:41:18.486root 11241100x8000000000000000257184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a49892990e1215f2023-02-08 09:41:18.486root 11241100x8000000000000000257183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd425f7e5854742023-02-08 09:41:18.486root 11241100x8000000000000000257182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e197b71382690202023-02-08 09:41:18.486root 11241100x8000000000000000257181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a17dff6cc18a092023-02-08 09:41:18.486root 11241100x8000000000000000257180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143978cb05c458952023-02-08 09:41:18.486root 11241100x8000000000000000257179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b953a694b0957b02023-02-08 09:41:18.486root 11241100x8000000000000000257178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa8bfa1c26e9e7a2023-02-08 09:41:18.486root 11241100x8000000000000000257177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c86f21c755c94162023-02-08 09:41:18.486root 11241100x8000000000000000257176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e8548486d48e32023-02-08 09:41:18.486root 11241100x8000000000000000257175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aac6a3039ff4d92023-02-08 09:41:18.486root 11241100x8000000000000000257174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6623fdada2953362023-02-08 09:41:18.486root 11241100x8000000000000000257173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c57efe1034cbd12023-02-08 09:41:18.486root 11241100x8000000000000000257172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d29f6288eb1dca2023-02-08 09:41:18.486root 11241100x8000000000000000257171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f1b0836ff06ef2023-02-08 09:41:18.486root 11241100x8000000000000000257191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459d43aee3d70592023-02-08 09:41:18.487root 11241100x8000000000000000257190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4228978d83ea6792023-02-08 09:41:18.487root 11241100x8000000000000000257189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40529b744f0fff522023-02-08 09:41:18.487root 11241100x8000000000000000257188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1d683aa30a2572023-02-08 09:41:18.487root 11241100x8000000000000000257187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd58ce475dd8182023-02-08 09:41:18.487root 11241100x8000000000000000257186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c82d9806225eaf2023-02-08 09:41:18.487root 11241100x8000000000000000257205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3669e6951024a342023-02-08 09:41:18.488root 11241100x8000000000000000257204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377789c3730c2c9f2023-02-08 09:41:18.488root 11241100x8000000000000000257203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a6d8a96719cdc42023-02-08 09:41:18.488root 11241100x8000000000000000257202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abf90822d2fa512023-02-08 09:41:18.488root 11241100x8000000000000000257201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8054bbb95fc01a2023-02-08 09:41:18.488root 11241100x8000000000000000257200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407415b3f4a06c852023-02-08 09:41:18.488root 11241100x8000000000000000257199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a71b9d65c80a582023-02-08 09:41:18.488root 11241100x8000000000000000257198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d320049e0d8c482023-02-08 09:41:18.488root 11241100x8000000000000000257197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece7040ca2b1b182023-02-08 09:41:18.488root 11241100x8000000000000000257196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194831021bcb019c2023-02-08 09:41:18.488root 11241100x8000000000000000257195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dbc13d0e4ee39e2023-02-08 09:41:18.488root 11241100x8000000000000000257194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08ab88cc701a7392023-02-08 09:41:18.488root 11241100x8000000000000000257193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f95caee450ea7c62023-02-08 09:41:18.488root 11241100x8000000000000000257192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2475f2a9de8525872023-02-08 09:41:18.488root 11241100x8000000000000000257206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9aedeafef85fb2023-02-08 09:41:18.489root 11241100x8000000000000000257213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2223070a02e798f2023-02-08 09:41:18.984root 11241100x8000000000000000257212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5532a00cb4061a2023-02-08 09:41:18.984root 11241100x8000000000000000257211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd4701e152424e12023-02-08 09:41:18.984root 11241100x8000000000000000257210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b55f1ded5a09d2023-02-08 09:41:18.984root 11241100x8000000000000000257209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc962a0e3f7b11082023-02-08 09:41:18.984root 11241100x8000000000000000257208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac463531b1c06dfa2023-02-08 09:41:18.984root 11241100x8000000000000000257207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193e99dbb50461b2023-02-08 09:41:18.984root 11241100x8000000000000000257221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fa6907dfdb3ca32023-02-08 09:41:18.985root 11241100x8000000000000000257220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d047faf46d0be2023-02-08 09:41:18.985root 11241100x8000000000000000257219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce782af4d6e715262023-02-08 09:41:18.985root 11241100x8000000000000000257218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9a83edf40b65d2023-02-08 09:41:18.985root 11241100x8000000000000000257217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e0adf9e705a902023-02-08 09:41:18.985root 11241100x8000000000000000257216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fcc4e4239c7252023-02-08 09:41:18.985root 11241100x8000000000000000257215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb4e2621f8867892023-02-08 09:41:18.985root 11241100x8000000000000000257214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99459779a516232c2023-02-08 09:41:18.985root 11241100x8000000000000000257230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420cc02c97aa1c52023-02-08 09:41:18.986root 11241100x8000000000000000257229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d08a5a7ac44502023-02-08 09:41:18.986root 11241100x8000000000000000257228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff85ed065a08ab2023-02-08 09:41:18.986root 11241100x8000000000000000257227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0396d821b41ea52023-02-08 09:41:18.986root 11241100x8000000000000000257226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fda37f4ade7322023-02-08 09:41:18.986root 11241100x8000000000000000257225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ef3c460d7c7ee2023-02-08 09:41:18.986root 11241100x8000000000000000257224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598312a7207aa832023-02-08 09:41:18.986root 11241100x8000000000000000257223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b50481c20a7c822023-02-08 09:41:18.986root 11241100x8000000000000000257222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0255accbc960afcf2023-02-08 09:41:18.986root 11241100x8000000000000000257238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec493b667ace7f92023-02-08 09:41:18.987root 11241100x8000000000000000257237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74016941677961b92023-02-08 09:41:18.987root 11241100x8000000000000000257236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12538175532d0d0e2023-02-08 09:41:18.987root 11241100x8000000000000000257235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb6be9cf12eb112023-02-08 09:41:18.987root 11241100x8000000000000000257234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267792997f3c537f2023-02-08 09:41:18.987root 11241100x8000000000000000257233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cafed503be54e2023-02-08 09:41:18.987root 11241100x8000000000000000257232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c4b7f9e90b7b12023-02-08 09:41:18.987root 11241100x8000000000000000257231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57e22e7d5e3bc22023-02-08 09:41:18.987root 11241100x8000000000000000257249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c58f4aae2df5f142023-02-08 09:41:18.988root 11241100x8000000000000000257248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918fec9cf545ac2c2023-02-08 09:41:18.988root 11241100x8000000000000000257247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4935fc798b33f2023-02-08 09:41:18.988root 11241100x8000000000000000257246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc21c21af44befe2023-02-08 09:41:18.988root 11241100x8000000000000000257245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5394e863937d52023-02-08 09:41:18.988root 11241100x8000000000000000257244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776121a5b4875e0f2023-02-08 09:41:18.988root 11241100x8000000000000000257243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76705f2e1e6b48d72023-02-08 09:41:18.988root 11241100x8000000000000000257242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578c34a0d9b44652023-02-08 09:41:18.988root 11241100x8000000000000000257241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a69f4b314d4542023-02-08 09:41:18.988root 11241100x8000000000000000257240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ec9b46e5e90c312023-02-08 09:41:18.988root 11241100x8000000000000000257239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d8efacd8f88462023-02-08 09:41:18.988root 11241100x8000000000000000257261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826d61a6814481a2023-02-08 09:41:18.989root 11241100x8000000000000000257260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e310d629d19dccd2023-02-08 09:41:18.989root 11241100x8000000000000000257259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033749781b2e4c232023-02-08 09:41:18.989root 11241100x8000000000000000257258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8a251ca82e26e2023-02-08 09:41:18.989root 11241100x8000000000000000257257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af71b7575535c82023-02-08 09:41:18.989root 11241100x8000000000000000257256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d3461255c0c5b2023-02-08 09:41:18.989root 11241100x8000000000000000257255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eba422965ebbc322023-02-08 09:41:18.989root 11241100x8000000000000000257254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92969e075a9f6f2023-02-08 09:41:18.989root 11241100x8000000000000000257253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c1dc0dfc7618a22023-02-08 09:41:18.989root 11241100x8000000000000000257252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e3d0e63a815c22023-02-08 09:41:18.989root 11241100x8000000000000000257251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca02f10d2005e82023-02-08 09:41:18.989root 11241100x8000000000000000257250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde9997c20a82712023-02-08 09:41:18.989root 11241100x8000000000000000257269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f94d72f34525192023-02-08 09:41:18.990root 11241100x8000000000000000257268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f09ffa381f36d92023-02-08 09:41:18.990root 11241100x8000000000000000257267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fbeac9497474e2023-02-08 09:41:18.990root 11241100x8000000000000000257266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f4848f3c55a2a2023-02-08 09:41:18.990root 11241100x8000000000000000257265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090c329d3747a732023-02-08 09:41:18.990root 11241100x8000000000000000257264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a88d24d14ba9c9c2023-02-08 09:41:18.990root 11241100x8000000000000000257263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cabb1b217f4ce72023-02-08 09:41:18.990root 11241100x8000000000000000257262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e11c6c20f2b172023-02-08 09:41:18.990root 11241100x8000000000000000257274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aedcdae54ead322023-02-08 09:41:18.991root 11241100x8000000000000000257273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04077bbd06e881982023-02-08 09:41:18.991root 11241100x8000000000000000257272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21591d7d9b46bdc82023-02-08 09:41:18.991root 11241100x8000000000000000257271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb391eabe27fd3f52023-02-08 09:41:18.991root 11241100x8000000000000000257270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f3680cc471b882023-02-08 09:41:18.991root 354300x8000000000000000257275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.085{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46948-false10.0.1.12-8000- 11241100x8000000000000000257282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0addaef273d3fa22023-02-08 09:41:19.484root 11241100x8000000000000000257281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f438a11a46b403e52023-02-08 09:41:19.484root 11241100x8000000000000000257280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddeb530eb75918e2023-02-08 09:41:19.484root 11241100x8000000000000000257279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c76dbd9a31838842023-02-08 09:41:19.484root 11241100x8000000000000000257278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24e56f8b300fc62023-02-08 09:41:19.484root 11241100x8000000000000000257277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b837a2663d89994b2023-02-08 09:41:19.484root 11241100x8000000000000000257276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce18087de8678842023-02-08 09:41:19.484root 11241100x8000000000000000257291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837caa0013b7ab3a2023-02-08 09:41:19.485root 11241100x8000000000000000257290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbc8feb79294bf02023-02-08 09:41:19.485root 11241100x8000000000000000257289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650fadc977e7bd62023-02-08 09:41:19.485root 11241100x8000000000000000257288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4228d72b5ba9a22023-02-08 09:41:19.485root 11241100x8000000000000000257287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53401400d683f502023-02-08 09:41:19.485root 11241100x8000000000000000257286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e1a1475a8690342023-02-08 09:41:19.485root 11241100x8000000000000000257285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a5e28f527aa472023-02-08 09:41:19.485root 11241100x8000000000000000257284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dde63961bec2f72023-02-08 09:41:19.485root 11241100x8000000000000000257283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828fca8766316b302023-02-08 09:41:19.485root 11241100x8000000000000000257306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127bb082c21836b42023-02-08 09:41:19.486root 11241100x8000000000000000257305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363f5917baca74f2023-02-08 09:41:19.486root 11241100x8000000000000000257304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae7a3a37c9cd532023-02-08 09:41:19.486root 11241100x8000000000000000257303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6020886e2fa36932023-02-08 09:41:19.486root 11241100x8000000000000000257302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a57e0885d577652023-02-08 09:41:19.486root 11241100x8000000000000000257301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6241d413d161da62023-02-08 09:41:19.486root 11241100x8000000000000000257300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e3a6b40d8a027f2023-02-08 09:41:19.486root 11241100x8000000000000000257299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d27e4f54e673b2023-02-08 09:41:19.486root 11241100x8000000000000000257298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182911a9723712dc2023-02-08 09:41:19.486root 11241100x8000000000000000257297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edac0b95319e4e3d2023-02-08 09:41:19.486root 11241100x8000000000000000257296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d00f2d3ca35392023-02-08 09:41:19.486root 11241100x8000000000000000257295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1f531050d96332023-02-08 09:41:19.486root 11241100x8000000000000000257294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186beef7c0232be62023-02-08 09:41:19.486root 11241100x8000000000000000257293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75db007b167aabf82023-02-08 09:41:19.486root 11241100x8000000000000000257292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fa19627f1d7872023-02-08 09:41:19.486root 11241100x8000000000000000257320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0068b7c4575ff282023-02-08 09:41:19.487root 11241100x8000000000000000257319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c3153da55e00a2023-02-08 09:41:19.487root 11241100x8000000000000000257318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c0aca68c76c352023-02-08 09:41:19.487root 11241100x8000000000000000257317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea7dafc65e4f3a2023-02-08 09:41:19.487root 11241100x8000000000000000257316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8255fa13b5f11552023-02-08 09:41:19.487root 11241100x8000000000000000257315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90af550f8cb1c642023-02-08 09:41:19.487root 11241100x8000000000000000257314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8493d32037c1232023-02-08 09:41:19.487root 11241100x8000000000000000257313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c40ec5da493cded2023-02-08 09:41:19.487root 11241100x8000000000000000257312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b44af1a7dafc492023-02-08 09:41:19.487root 11241100x8000000000000000257311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726bf1802d861892023-02-08 09:41:19.487root 11241100x8000000000000000257310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3067fd9f950b012023-02-08 09:41:19.487root 11241100x8000000000000000257309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5353b8738696081d2023-02-08 09:41:19.487root 11241100x8000000000000000257308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0091ea8ee62102ab2023-02-08 09:41:19.487root 11241100x8000000000000000257307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b23af85a3f57fd2023-02-08 09:41:19.487root 11241100x8000000000000000257332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9d3a71aa250362023-02-08 09:41:19.488root 11241100x8000000000000000257331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989507e5c91701bd2023-02-08 09:41:19.488root 11241100x8000000000000000257330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173c2558aa5cf6f22023-02-08 09:41:19.488root 11241100x8000000000000000257329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d8045a59d49a42023-02-08 09:41:19.488root 11241100x8000000000000000257328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dff62f344f7a072023-02-08 09:41:19.488root 11241100x8000000000000000257327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64348d29182c1f2023-02-08 09:41:19.488root 11241100x8000000000000000257326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e273b14e0b1922023-02-08 09:41:19.488root 11241100x8000000000000000257325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e4e1aea4b1a592023-02-08 09:41:19.488root 11241100x8000000000000000257324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabf80c4207a1bb42023-02-08 09:41:19.488root 11241100x8000000000000000257323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e518c52223108d2023-02-08 09:41:19.488root 11241100x8000000000000000257322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2358c901200572023-02-08 09:41:19.488root 11241100x8000000000000000257321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84fdc55aae6d5e2023-02-08 09:41:19.488root 11241100x8000000000000000257334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7cd1b729b074e12023-02-08 09:41:19.489root 11241100x8000000000000000257333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d26f5b714c29c2023-02-08 09:41:19.489root 11241100x8000000000000000257345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc1ef5758f0c092023-02-08 09:41:19.984root 11241100x8000000000000000257344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac4d07ec2e9ddba2023-02-08 09:41:19.984root 11241100x8000000000000000257343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6374c6ef8af88d6d2023-02-08 09:41:19.984root 11241100x8000000000000000257342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255c1cdef69426552023-02-08 09:41:19.984root 11241100x8000000000000000257341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404fbfb9cab4deda2023-02-08 09:41:19.984root 11241100x8000000000000000257340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd18c17fd250d82023-02-08 09:41:19.984root 11241100x8000000000000000257339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247357291a0b8732023-02-08 09:41:19.984root 11241100x8000000000000000257338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8a2e92ea11f4c2023-02-08 09:41:19.984root 11241100x8000000000000000257337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e493e565266b32023-02-08 09:41:19.984root 11241100x8000000000000000257336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9359d25a398f30552023-02-08 09:41:19.984root 11241100x8000000000000000257335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080368c070c39512023-02-08 09:41:19.984root 11241100x8000000000000000257355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ab2999abc8d102023-02-08 09:41:19.985root 11241100x8000000000000000257354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165393591f9be002023-02-08 09:41:19.985root 11241100x8000000000000000257353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dddbc5eb395da22023-02-08 09:41:19.985root 11241100x8000000000000000257352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c955ae2225cb701b2023-02-08 09:41:19.985root 11241100x8000000000000000257351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3953d4d3ff4882023-02-08 09:41:19.985root 11241100x8000000000000000257350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eced8527f34aaa72023-02-08 09:41:19.985root 11241100x8000000000000000257349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497596a7c315068d2023-02-08 09:41:19.985root 11241100x8000000000000000257348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04fd680d6ec78712023-02-08 09:41:19.985root 11241100x8000000000000000257347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa16da2f490d802023-02-08 09:41:19.985root 11241100x8000000000000000257346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0657e4056ffda22023-02-08 09:41:19.985root 11241100x8000000000000000257361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12bb33190adafad2023-02-08 09:41:19.986root 11241100x8000000000000000257360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e442803c21f59c92023-02-08 09:41:19.986root 11241100x8000000000000000257359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2b68e963457142023-02-08 09:41:19.986root 11241100x8000000000000000257358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783f0596ebf038a2023-02-08 09:41:19.986root 11241100x8000000000000000257357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed833738ae3281322023-02-08 09:41:19.986root 11241100x8000000000000000257356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df15620a3ba59352023-02-08 09:41:19.986root 11241100x8000000000000000257372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f23ef91b2f3a262023-02-08 09:41:19.987root 11241100x8000000000000000257371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847080573471d61a2023-02-08 09:41:19.987root 11241100x8000000000000000257370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459002db96ba66812023-02-08 09:41:19.987root 11241100x8000000000000000257369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c373a487cc75a2023-02-08 09:41:19.987root 11241100x8000000000000000257368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e113a712bad8d5612023-02-08 09:41:19.987root 11241100x8000000000000000257367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba08bd9dca444fe2023-02-08 09:41:19.987root 11241100x8000000000000000257366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b75f79147e46402023-02-08 09:41:19.987root 11241100x8000000000000000257365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2ded9732070d52023-02-08 09:41:19.987root 11241100x8000000000000000257364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5315fab808f96d762023-02-08 09:41:19.987root 11241100x8000000000000000257363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8805de5e2b51c42023-02-08 09:41:19.987root 11241100x8000000000000000257362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358ccdbe748362d2023-02-08 09:41:19.987root 11241100x8000000000000000257381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8357aebd0477d9d2023-02-08 09:41:19.988root 11241100x8000000000000000257380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a80f83bb74f0c02023-02-08 09:41:19.988root 11241100x8000000000000000257379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb9c962e3a92b022023-02-08 09:41:19.988root 11241100x8000000000000000257378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f95472689327a62023-02-08 09:41:19.988root 11241100x8000000000000000257377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78dc37cad704722023-02-08 09:41:19.988root 11241100x8000000000000000257376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132dd5f509d01b02023-02-08 09:41:19.988root 11241100x8000000000000000257375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa15b2d504ed47bf2023-02-08 09:41:19.988root 11241100x8000000000000000257374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec57840725661262023-02-08 09:41:19.988root 11241100x8000000000000000257373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bb836f28cec5f82023-02-08 09:41:19.988root 11241100x8000000000000000257389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15485f1c9f67d62023-02-08 09:41:19.989root 11241100x8000000000000000257388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0694c981ddbcf6dd2023-02-08 09:41:19.989root 11241100x8000000000000000257387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1abd04918a0d912023-02-08 09:41:19.989root 11241100x8000000000000000257386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d5cc3f2bb43132023-02-08 09:41:19.989root 11241100x8000000000000000257385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243821565719d2ad2023-02-08 09:41:19.989root 11241100x8000000000000000257384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c2778128a98e8c2023-02-08 09:41:19.989root 11241100x8000000000000000257383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bf875e284e42fb2023-02-08 09:41:19.989root 11241100x8000000000000000257382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e188a87858fc72a2023-02-08 09:41:19.989root 11241100x8000000000000000257397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289539b298611fbb2023-02-08 09:41:19.990root 11241100x8000000000000000257396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9098e1b61cead3952023-02-08 09:41:19.990root 11241100x8000000000000000257395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998c568e01b9909d2023-02-08 09:41:19.990root 11241100x8000000000000000257394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a395ab8425a5a2023-02-08 09:41:19.990root 11241100x8000000000000000257393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40fe3608b0b119c2023-02-08 09:41:19.990root 11241100x8000000000000000257392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3605b9b813a4512023-02-08 09:41:19.990root 11241100x8000000000000000257391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0f80f75ef226402023-02-08 09:41:19.990root 11241100x8000000000000000257390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7d8ad27d5b4c72023-02-08 09:41:19.990root 11241100x8000000000000000257403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514dd314bd2732e82023-02-08 09:41:20.484root 11241100x8000000000000000257402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223bc4b6507f2add2023-02-08 09:41:20.484root 11241100x8000000000000000257401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e57cd5a3a1c3a92023-02-08 09:41:20.484root 11241100x8000000000000000257400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363c73a4093f5d02023-02-08 09:41:20.484root 11241100x8000000000000000257399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024bdd1d7af7a8b2023-02-08 09:41:20.484root 11241100x8000000000000000257398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005d4b7a09b0a5a2023-02-08 09:41:20.484root 11241100x8000000000000000257410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45af5b4d87d6eeb2023-02-08 09:41:20.485root 11241100x8000000000000000257409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99c0444346e248d2023-02-08 09:41:20.485root 11241100x8000000000000000257408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9bb5e9ea2d0e32023-02-08 09:41:20.485root 11241100x8000000000000000257407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9254b02178f7ae422023-02-08 09:41:20.485root 11241100x8000000000000000257406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b4401721f137c12023-02-08 09:41:20.485root 11241100x8000000000000000257405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e29b70f0f939c2023-02-08 09:41:20.485root 11241100x8000000000000000257404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3fed4ff7c029862023-02-08 09:41:20.485root 11241100x8000000000000000257419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a5a8b8f06f6c562023-02-08 09:41:20.486root 11241100x8000000000000000257418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b12566e8d10d8392023-02-08 09:41:20.486root 11241100x8000000000000000257417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034475a629e7b012023-02-08 09:41:20.486root 11241100x8000000000000000257416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7cfaf17def551a2023-02-08 09:41:20.486root 11241100x8000000000000000257415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1678ba93bf14c5c42023-02-08 09:41:20.486root 11241100x8000000000000000257414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100cdee2b5537b02023-02-08 09:41:20.486root 11241100x8000000000000000257413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4515cdc42a32ccdf2023-02-08 09:41:20.486root 11241100x8000000000000000257412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59220682948d37ab2023-02-08 09:41:20.486root 11241100x8000000000000000257411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c498c08a3451592023-02-08 09:41:20.486root 11241100x8000000000000000257421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb536cdda2ea75a2023-02-08 09:41:20.487root 11241100x8000000000000000257420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d3242d36733f832023-02-08 09:41:20.487root 11241100x8000000000000000257425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083066b53efcbdda2023-02-08 09:41:20.488root 11241100x8000000000000000257424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46d67b9c0f263772023-02-08 09:41:20.488root 11241100x8000000000000000257423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05edce31a2c726692023-02-08 09:41:20.488root 11241100x8000000000000000257422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511e663f9d5d14ef2023-02-08 09:41:20.488root 11241100x8000000000000000257427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ec9c62a8d8cc42023-02-08 09:41:20.489root 11241100x8000000000000000257426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b198759467e22c2023-02-08 09:41:20.489root 11241100x8000000000000000257432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75931c9dbaf841082023-02-08 09:41:20.490root 11241100x8000000000000000257431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ec74397ad65c8b2023-02-08 09:41:20.490root 11241100x8000000000000000257430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ecb07d57f09b1e2023-02-08 09:41:20.490root 11241100x8000000000000000257429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be0ff8a390c1f62023-02-08 09:41:20.490root 11241100x8000000000000000257428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb5456ac99959e2023-02-08 09:41:20.490root 11241100x8000000000000000257434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11606697e1da1ea2023-02-08 09:41:20.491root 11241100x8000000000000000257433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abecd2b7fd1d9d52023-02-08 09:41:20.491root 11241100x8000000000000000257441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8060318ea043ef852023-02-08 09:41:20.492root 11241100x8000000000000000257440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1aa7e7276cd60d2023-02-08 09:41:20.492root 11241100x8000000000000000257439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5aa09c3653cc62023-02-08 09:41:20.492root 11241100x8000000000000000257438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0e23a1141780c2023-02-08 09:41:20.492root 11241100x8000000000000000257437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425e9f012b37bb602023-02-08 09:41:20.492root 11241100x8000000000000000257436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e082662a050708662023-02-08 09:41:20.492root 11241100x8000000000000000257435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6c780e384635822023-02-08 09:41:20.492root 11241100x8000000000000000257449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fddb7635eeb8e52023-02-08 09:41:20.493root 11241100x8000000000000000257448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5a682e0ee3cf9f2023-02-08 09:41:20.493root 11241100x8000000000000000257447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fbcd8cd81e9e762023-02-08 09:41:20.493root 11241100x8000000000000000257446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a19ea715d239472023-02-08 09:41:20.493root 11241100x8000000000000000257445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf6b253a86dd372023-02-08 09:41:20.493root 11241100x8000000000000000257444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6610095f460272023-02-08 09:41:20.493root 11241100x8000000000000000257443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12dce60b357c0592023-02-08 09:41:20.493root 11241100x8000000000000000257442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835726f8d6776092023-02-08 09:41:20.493root 11241100x8000000000000000257453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089947661ac3793b2023-02-08 09:41:20.494root 11241100x8000000000000000257452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c996d8ca4775a2023-02-08 09:41:20.494root 11241100x8000000000000000257451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698518e00c28c0512023-02-08 09:41:20.494root 11241100x8000000000000000257450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65576bf06273294c2023-02-08 09:41:20.494root 11241100x8000000000000000257454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826e09b15630e6372023-02-08 09:41:20.984root 11241100x8000000000000000257462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc2100340285c232023-02-08 09:41:20.985root 11241100x8000000000000000257461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71797d5d29304312023-02-08 09:41:20.985root 11241100x8000000000000000257460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8459bd0621cc0d22023-02-08 09:41:20.985root 11241100x8000000000000000257459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd6444ce606fc82023-02-08 09:41:20.985root 11241100x8000000000000000257458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbee751ac119d252023-02-08 09:41:20.985root 11241100x8000000000000000257457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7887e851c862d2212023-02-08 09:41:20.985root 11241100x8000000000000000257456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d618ccd83b04aa2023-02-08 09:41:20.985root 11241100x8000000000000000257455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b106e57995799432023-02-08 09:41:20.985root 11241100x8000000000000000257469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48274615d9c045152023-02-08 09:41:20.986root 11241100x8000000000000000257468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86efe1f9b51f42132023-02-08 09:41:20.986root 11241100x8000000000000000257467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a2e1779963caa2023-02-08 09:41:20.986root 11241100x8000000000000000257466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00e3844692b9bf2023-02-08 09:41:20.986root 11241100x8000000000000000257465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2843056f1f1c5642023-02-08 09:41:20.986root 11241100x8000000000000000257464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788bb5a373c5315c2023-02-08 09:41:20.986root 11241100x8000000000000000257463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a32d329d09e5e02023-02-08 09:41:20.986root 11241100x8000000000000000257473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551d4e1d6f0580412023-02-08 09:41:20.987root 11241100x8000000000000000257472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5e3a8984fe66992023-02-08 09:41:20.987root 11241100x8000000000000000257471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb720dc09b3dae792023-02-08 09:41:20.987root 11241100x8000000000000000257470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f57df316752388d2023-02-08 09:41:20.987root 11241100x8000000000000000257477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32f56b98e29271d2023-02-08 09:41:20.988root 11241100x8000000000000000257476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db940331c515b3e32023-02-08 09:41:20.988root 11241100x8000000000000000257475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6befe60e373b49b42023-02-08 09:41:20.988root 11241100x8000000000000000257474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c9ced0f7a8fe42023-02-08 09:41:20.988root 11241100x8000000000000000257480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e2a5a39b6b2f812023-02-08 09:41:20.990root 11241100x8000000000000000257479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef1c9f19eed80a2023-02-08 09:41:20.990root 11241100x8000000000000000257478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd90e1cbb21d1dd12023-02-08 09:41:20.990root 11241100x8000000000000000257485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b4ff754f002632023-02-08 09:41:20.991root 11241100x8000000000000000257484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca09c6e6cf6f252023-02-08 09:41:20.991root 11241100x8000000000000000257483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dec06b4ed14e8b2023-02-08 09:41:20.991root 11241100x8000000000000000257482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fce1bbaab47d1f2023-02-08 09:41:20.991root 11241100x8000000000000000257481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4faf6790ca6658c2023-02-08 09:41:20.991root 11241100x8000000000000000257491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908276fc2616a7b32023-02-08 09:41:20.992root 11241100x8000000000000000257490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04160209980388372023-02-08 09:41:20.992root 11241100x8000000000000000257489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136154aab482fac02023-02-08 09:41:20.992root 11241100x8000000000000000257488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a7265352a985132023-02-08 09:41:20.992root 11241100x8000000000000000257487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc88e8036e8b3f32023-02-08 09:41:20.992root 11241100x8000000000000000257486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7fd97c96522d2b2023-02-08 09:41:20.992root 11241100x8000000000000000257493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8a09a0ca0b56862023-02-08 09:41:20.993root 11241100x8000000000000000257492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c42a146fd73642023-02-08 09:41:20.993root 11241100x8000000000000000257501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bdbec3efb703582023-02-08 09:41:20.994root 11241100x8000000000000000257500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce648bd5fcd0b6c72023-02-08 09:41:20.994root 11241100x8000000000000000257499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62967f52400b9a5b2023-02-08 09:41:20.994root 11241100x8000000000000000257498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb9171ad5a6871c2023-02-08 09:41:20.994root 11241100x8000000000000000257497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3042ee60e1a8982023-02-08 09:41:20.994root 11241100x8000000000000000257496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1077ec6a4b316fef2023-02-08 09:41:20.994root 11241100x8000000000000000257495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1199e6c48acd77742023-02-08 09:41:20.994root 11241100x8000000000000000257494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f2df4eb7887622023-02-08 09:41:20.994root 11241100x8000000000000000257505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e1e7ffd60d8042023-02-08 09:41:20.995root 11241100x8000000000000000257504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d3e2e0d86ca4c82023-02-08 09:41:20.995root 11241100x8000000000000000257503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17538e98fdbf09072023-02-08 09:41:20.995root 11241100x8000000000000000257502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe3ca38578d18352023-02-08 09:41:20.995root 11241100x8000000000000000257513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa996936f30a1d62023-02-08 09:41:21.485root 11241100x8000000000000000257512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de372f3120cc26bd2023-02-08 09:41:21.485root 11241100x8000000000000000257511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39b2a4771df74592023-02-08 09:41:21.485root 11241100x8000000000000000257510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c9a03ef57bbfab2023-02-08 09:41:21.485root 11241100x8000000000000000257509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f479db01772ddab2023-02-08 09:41:21.485root 11241100x8000000000000000257508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487bc207a126a8262023-02-08 09:41:21.485root 11241100x8000000000000000257507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6372525e91e538472023-02-08 09:41:21.485root 11241100x8000000000000000257506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6201938c047aa8b92023-02-08 09:41:21.485root 11241100x8000000000000000257521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507afd56b8318a5d2023-02-08 09:41:21.486root 11241100x8000000000000000257520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ba00665efcfec2023-02-08 09:41:21.486root 11241100x8000000000000000257519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ae70e396309b82023-02-08 09:41:21.486root 11241100x8000000000000000257518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fbf28d545fa4552023-02-08 09:41:21.486root 11241100x8000000000000000257517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1692e2f36fcaafb2023-02-08 09:41:21.486root 11241100x8000000000000000257516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a746d1ae67479022023-02-08 09:41:21.486root 11241100x8000000000000000257515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2626093c41635242023-02-08 09:41:21.486root 11241100x8000000000000000257514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c438f1bcdd4e062023-02-08 09:41:21.486root 11241100x8000000000000000257530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d48a5098421e52023-02-08 09:41:21.487root 11241100x8000000000000000257529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b35b6130e0afbc2023-02-08 09:41:21.487root 11241100x8000000000000000257528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308a7ac5a559c762023-02-08 09:41:21.487root 11241100x8000000000000000257527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b7b630e18bc352023-02-08 09:41:21.487root 11241100x8000000000000000257526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed3001b54b0c5c62023-02-08 09:41:21.487root 11241100x8000000000000000257525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407838a4e3c5ccda2023-02-08 09:41:21.487root 11241100x8000000000000000257524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac727842fe926312023-02-08 09:41:21.487root 11241100x8000000000000000257523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ea1ce112d79fa2023-02-08 09:41:21.487root 11241100x8000000000000000257522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b67991d8778932023-02-08 09:41:21.487root 11241100x8000000000000000257536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e225b81a1beff972023-02-08 09:41:21.488root 11241100x8000000000000000257535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e46df16bfc9b2d82023-02-08 09:41:21.488root 11241100x8000000000000000257534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1342940827d25d52023-02-08 09:41:21.488root 11241100x8000000000000000257533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4cc150d2470eb12023-02-08 09:41:21.488root 11241100x8000000000000000257532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3449299846141d232023-02-08 09:41:21.488root 11241100x8000000000000000257531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508bc53c36c2db5f2023-02-08 09:41:21.488root 11241100x8000000000000000257543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b7e83c42985922023-02-08 09:41:21.489root 11241100x8000000000000000257542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c9568408585812023-02-08 09:41:21.489root 11241100x8000000000000000257541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c613785a81757df32023-02-08 09:41:21.489root 11241100x8000000000000000257540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c041f82d04ee69802023-02-08 09:41:21.489root 11241100x8000000000000000257539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22962c7d63742232023-02-08 09:41:21.489root 11241100x8000000000000000257538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65530bff703b2c2023-02-08 09:41:21.489root 11241100x8000000000000000257537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443f71b1306d6ed32023-02-08 09:41:21.489root 11241100x8000000000000000257550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf8f0cf43a908922023-02-08 09:41:21.490root 11241100x8000000000000000257549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dae1fec0a9a3e222023-02-08 09:41:21.490root 11241100x8000000000000000257548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d6d06291ae47992023-02-08 09:41:21.490root 11241100x8000000000000000257547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef96d48162cc2d2023-02-08 09:41:21.490root 11241100x8000000000000000257546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c2cdd11e8070652023-02-08 09:41:21.490root 11241100x8000000000000000257545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d622bd7e828399082023-02-08 09:41:21.490root 11241100x8000000000000000257544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f6894817bc3cc2023-02-08 09:41:21.490root 11241100x8000000000000000257553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09e538133e37f52023-02-08 09:41:21.491root 11241100x8000000000000000257552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20f2cc6517f8c6b2023-02-08 09:41:21.491root 11241100x8000000000000000257551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de512afe5bb66c482023-02-08 09:41:21.491root 11241100x8000000000000000257554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5ebb2fbfeaee82023-02-08 09:41:21.984root 11241100x8000000000000000257563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26ece668f662732023-02-08 09:41:21.985root 11241100x8000000000000000257562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3029d67886188ba62023-02-08 09:41:21.985root 11241100x8000000000000000257561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fdcb90b6c5ca712023-02-08 09:41:21.985root 11241100x8000000000000000257560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96dd9729f740afe2023-02-08 09:41:21.985root 11241100x8000000000000000257559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab813cafd436922023-02-08 09:41:21.985root 11241100x8000000000000000257558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf497ae1acde1b42023-02-08 09:41:21.985root 11241100x8000000000000000257557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97cfc2a87370bfe2023-02-08 09:41:21.985root 11241100x8000000000000000257556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5149e0774f75b7e2023-02-08 09:41:21.985root 11241100x8000000000000000257555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874eacfd5c2520922023-02-08 09:41:21.985root 11241100x8000000000000000257571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b619b06647a3852023-02-08 09:41:21.986root 11241100x8000000000000000257570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11db31dd8906ea12023-02-08 09:41:21.986root 11241100x8000000000000000257569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e97322f78d06caa2023-02-08 09:41:21.986root 11241100x8000000000000000257568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a3ae4a68d4edb32023-02-08 09:41:21.986root 11241100x8000000000000000257567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d4087caa94ea2b2023-02-08 09:41:21.986root 11241100x8000000000000000257566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34863c04bde75e922023-02-08 09:41:21.986root 11241100x8000000000000000257565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718214573767da1e2023-02-08 09:41:21.986root 11241100x8000000000000000257564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e2364c02cd73c32023-02-08 09:41:21.986root 11241100x8000000000000000257579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08963c7b914423be2023-02-08 09:41:21.987root 11241100x8000000000000000257578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20182d00a7ec432023-02-08 09:41:21.987root 11241100x8000000000000000257577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f6db5eb0eb57742023-02-08 09:41:21.987root 11241100x8000000000000000257576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e3ce3fe080344f2023-02-08 09:41:21.987root 11241100x8000000000000000257575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a7f7b54effe3c92023-02-08 09:41:21.987root 11241100x8000000000000000257574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aada1a4c0923df672023-02-08 09:41:21.987root 11241100x8000000000000000257573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33a9f8b097ca89c2023-02-08 09:41:21.987root 11241100x8000000000000000257572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e5e3a9930aa6402023-02-08 09:41:21.987root 11241100x8000000000000000257585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf05411cb89aead52023-02-08 09:41:21.988root 11241100x8000000000000000257584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a888f17368e1d52023-02-08 09:41:21.988root 11241100x8000000000000000257583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a535632f03a4f812023-02-08 09:41:21.988root 11241100x8000000000000000257582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76549dfacad0dc602023-02-08 09:41:21.988root 11241100x8000000000000000257581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7073c57b33e8ee02023-02-08 09:41:21.988root 11241100x8000000000000000257580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5301a5c3fc65ef682023-02-08 09:41:21.988root 11241100x8000000000000000257593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5590ae4a8fcae6502023-02-08 09:41:21.989root 11241100x8000000000000000257592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d907d992d19fa02023-02-08 09:41:21.989root 11241100x8000000000000000257591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e386994998b199382023-02-08 09:41:21.989root 11241100x8000000000000000257590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ad4cc483a067252023-02-08 09:41:21.989root 11241100x8000000000000000257589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b6fd697e4c8f02023-02-08 09:41:21.989root 11241100x8000000000000000257588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a4bbb07c97bc282023-02-08 09:41:21.989root 11241100x8000000000000000257587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac1efffdd523502023-02-08 09:41:21.989root 11241100x8000000000000000257586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb58b3b1f8983652023-02-08 09:41:21.989root 11241100x8000000000000000257606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81f28685f8eb4052023-02-08 09:41:21.990root 11241100x8000000000000000257605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a38ac538ebf9412023-02-08 09:41:21.990root 11241100x8000000000000000257604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef5739dc06eeae2023-02-08 09:41:21.990root 11241100x8000000000000000257603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f53a30b9281efa2023-02-08 09:41:21.990root 11241100x8000000000000000257602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fa10d39d744ce2023-02-08 09:41:21.990root 11241100x8000000000000000257601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c951e2313a37962023-02-08 09:41:21.990root 11241100x8000000000000000257600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a9bbc91f8b47302023-02-08 09:41:21.990root 11241100x8000000000000000257599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe8c9ccff51489c2023-02-08 09:41:21.990root 11241100x8000000000000000257598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d47c7fd2e121722023-02-08 09:41:21.990root 11241100x8000000000000000257597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7077437825742882023-02-08 09:41:21.990root 11241100x8000000000000000257596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3505a34d710fb32023-02-08 09:41:21.990root 11241100x8000000000000000257595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f6660728ccc6e52023-02-08 09:41:21.990root 11241100x8000000000000000257594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3ede7e6374e882023-02-08 09:41:21.990root 11241100x8000000000000000257609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d0baacb2a30c22023-02-08 09:41:21.991root 11241100x8000000000000000257608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681f0369f5af6052023-02-08 09:41:21.991root 11241100x8000000000000000257607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e55107fc8423012023-02-08 09:41:21.991root 11241100x8000000000000000257620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d0ffa4acafbad2023-02-08 09:41:22.485root 11241100x8000000000000000257619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4e44ebd895aa32023-02-08 09:41:22.485root 11241100x8000000000000000257618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da0ae7c9ee36d762023-02-08 09:41:22.485root 11241100x8000000000000000257617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591147986ecde8c12023-02-08 09:41:22.485root 11241100x8000000000000000257616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05a9d04de650f652023-02-08 09:41:22.485root 11241100x8000000000000000257615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aed27c13b82d372023-02-08 09:41:22.485root 11241100x8000000000000000257614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b47e1a8c0fb1322023-02-08 09:41:22.485root 11241100x8000000000000000257613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12a00a09f6a8b92023-02-08 09:41:22.485root 11241100x8000000000000000257612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d581c7d13694e82023-02-08 09:41:22.485root 11241100x8000000000000000257611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ade691da80f0182023-02-08 09:41:22.485root 11241100x8000000000000000257610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d33cabb13103572023-02-08 09:41:22.485root 11241100x8000000000000000257634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8330558641b6a4192023-02-08 09:41:22.486root 11241100x8000000000000000257633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f40e51155d2cd82023-02-08 09:41:22.486root 11241100x8000000000000000257632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe95c37b3f789072023-02-08 09:41:22.486root 11241100x8000000000000000257631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3c4f1bfa7fb752023-02-08 09:41:22.486root 11241100x8000000000000000257630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1acf70020109bc2023-02-08 09:41:22.486root 11241100x8000000000000000257629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0424fd9c12b1af2023-02-08 09:41:22.486root 11241100x8000000000000000257628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80a76a6d0a0a5382023-02-08 09:41:22.486root 11241100x8000000000000000257627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eebaa36e8deff62023-02-08 09:41:22.486root 11241100x8000000000000000257626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c37207a369787c2023-02-08 09:41:22.486root 11241100x8000000000000000257625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff4d60326525392023-02-08 09:41:22.486root 11241100x8000000000000000257624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0029763539ef952023-02-08 09:41:22.486root 11241100x8000000000000000257623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804e7b24473f0fac2023-02-08 09:41:22.486root 11241100x8000000000000000257622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbde52b440f08ed72023-02-08 09:41:22.486root 11241100x8000000000000000257621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4086532f20b817d42023-02-08 09:41:22.486root 11241100x8000000000000000257649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28526424f6eb3a1b2023-02-08 09:41:22.487root 11241100x8000000000000000257648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe228471649f616f2023-02-08 09:41:22.487root 11241100x8000000000000000257647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a51816f2e94632023-02-08 09:41:22.487root 11241100x8000000000000000257646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d959183af8460c2023-02-08 09:41:22.487root 11241100x8000000000000000257645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc6ebb920c648bb2023-02-08 09:41:22.487root 11241100x8000000000000000257644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b444d5e20f43ea92023-02-08 09:41:22.487root 11241100x8000000000000000257643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca8314b15163e92023-02-08 09:41:22.487root 11241100x8000000000000000257642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60608a73fc2947e22023-02-08 09:41:22.487root 11241100x8000000000000000257641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def2c009439867712023-02-08 09:41:22.487root 11241100x8000000000000000257640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc906779381a2222023-02-08 09:41:22.487root 11241100x8000000000000000257639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e487224ad5837282023-02-08 09:41:22.487root 11241100x8000000000000000257638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6ae11b83bc2f42023-02-08 09:41:22.487root 11241100x8000000000000000257637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b51bab9995c42c2023-02-08 09:41:22.487root 11241100x8000000000000000257636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f179e6867658f2e2023-02-08 09:41:22.487root 11241100x8000000000000000257635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be1dfb63c1f9f72023-02-08 09:41:22.487root 11241100x8000000000000000257655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16127381a5450b4b2023-02-08 09:41:22.488root 11241100x8000000000000000257654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f150ae23e01a9ff2023-02-08 09:41:22.488root 11241100x8000000000000000257653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e2e714d674f0f2023-02-08 09:41:22.488root 11241100x8000000000000000257652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ded74a81f5bef2023-02-08 09:41:22.488root 11241100x8000000000000000257651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a73c8f238b541d2023-02-08 09:41:22.488root 11241100x8000000000000000257650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7009ea39f186acb42023-02-08 09:41:22.488root 11241100x8000000000000000257657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6577e5b08a4545d62023-02-08 09:41:22.985root 11241100x8000000000000000257656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc67815c8099662023-02-08 09:41:22.985root 11241100x8000000000000000257668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1014bc5d0704962023-02-08 09:41:22.986root 11241100x8000000000000000257667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db26c4753f44752023-02-08 09:41:22.986root 11241100x8000000000000000257666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac9b3e346cdf3982023-02-08 09:41:22.986root 11241100x8000000000000000257665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4650863f798de5a22023-02-08 09:41:22.986root 11241100x8000000000000000257664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f5043ac39aff642023-02-08 09:41:22.986root 11241100x8000000000000000257663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8607ca2467aa4b712023-02-08 09:41:22.986root 11241100x8000000000000000257662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122eeb3340f38012023-02-08 09:41:22.986root 11241100x8000000000000000257661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f914e76102ec6d2c2023-02-08 09:41:22.986root 11241100x8000000000000000257660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cff9adaf3953192023-02-08 09:41:22.986root 11241100x8000000000000000257659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0eeca446053d12023-02-08 09:41:22.986root 11241100x8000000000000000257658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d665ef464cfc6e642023-02-08 09:41:22.986root 11241100x8000000000000000257679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7837e89af6c929802023-02-08 09:41:22.987root 11241100x8000000000000000257678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca2ef78240b78a2023-02-08 09:41:22.987root 11241100x8000000000000000257677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3498e03ba955df42023-02-08 09:41:22.987root 11241100x8000000000000000257676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ad9263b357663c2023-02-08 09:41:22.987root 11241100x8000000000000000257675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321e2ced2c839692023-02-08 09:41:22.987root 11241100x8000000000000000257674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e171a94548eda2032023-02-08 09:41:22.987root 11241100x8000000000000000257673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783690d9b7775592023-02-08 09:41:22.987root 11241100x8000000000000000257672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1237fae2f768a4882023-02-08 09:41:22.987root 11241100x8000000000000000257671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8430b09bcbfddb632023-02-08 09:41:22.987root 11241100x8000000000000000257670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb89f9887e1cb422023-02-08 09:41:22.987root 11241100x8000000000000000257669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a84d4b97f213bad2023-02-08 09:41:22.987root 11241100x8000000000000000257681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd21fbfc8e557d82023-02-08 09:41:22.988root 11241100x8000000000000000257680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54b86a0db86de252023-02-08 09:41:22.988root 11241100x8000000000000000257686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22203771940630702023-02-08 09:41:22.990root 11241100x8000000000000000257685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e94539a3570de62023-02-08 09:41:22.990root 11241100x8000000000000000257684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056f5a081ebbcc572023-02-08 09:41:22.990root 11241100x8000000000000000257683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0c878bc98adf502023-02-08 09:41:22.990root 11241100x8000000000000000257682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9eb3c8263db34b2023-02-08 09:41:22.990root 11241100x8000000000000000257690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217056aa91e4d2b92023-02-08 09:41:22.991root 11241100x8000000000000000257689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8ef5d2414c95222023-02-08 09:41:22.991root 11241100x8000000000000000257688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6564d5384757912023-02-08 09:41:22.991root 11241100x8000000000000000257687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a11fc736f4de3672023-02-08 09:41:22.991root 11241100x8000000000000000257696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3b9a82dcbb1902023-02-08 09:41:22.992root 11241100x8000000000000000257695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62ce785b1484b712023-02-08 09:41:22.992root 11241100x8000000000000000257694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0c34a38761ca982023-02-08 09:41:22.992root 11241100x8000000000000000257693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85e46f5716ae1302023-02-08 09:41:22.992root 11241100x8000000000000000257692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add29ad01aefc3342023-02-08 09:41:22.992root 11241100x8000000000000000257691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93e55cd3ef96382023-02-08 09:41:22.992root 11241100x8000000000000000257707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5128005141a743c2023-02-08 09:41:22.993root 11241100x8000000000000000257706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e66a921336e8e32023-02-08 09:41:22.993root 11241100x8000000000000000257705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e532a70f9ad6022023-02-08 09:41:22.993root 11241100x8000000000000000257704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc83a7e07d1d8842023-02-08 09:41:22.993root 11241100x8000000000000000257703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15bdef333c0f3252023-02-08 09:41:22.993root 11241100x8000000000000000257702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3791d1aa4d0e87d2023-02-08 09:41:22.993root 11241100x8000000000000000257701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c36da203a28cb2023-02-08 09:41:22.993root 11241100x8000000000000000257700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7934f29de795c0d2023-02-08 09:41:22.993root 11241100x8000000000000000257699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a9000b0df7861f2023-02-08 09:41:22.993root 11241100x8000000000000000257698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4342561c0f7902023-02-08 09:41:22.993root 11241100x8000000000000000257697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83dc925c111139e2023-02-08 09:41:22.993root 11241100x8000000000000000257709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc06a1363a9939fa2023-02-08 09:41:22.994root 11241100x8000000000000000257708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c643c4be90d762023-02-08 09:41:22.994root 11241100x8000000000000000257710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5950c0a53feba142023-02-08 09:41:23.485root 11241100x8000000000000000257715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0d5a84f5e083c82023-02-08 09:41:23.486root 11241100x8000000000000000257714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6e92920e9faa12023-02-08 09:41:23.486root 11241100x8000000000000000257713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be573bfe9e3689a92023-02-08 09:41:23.486root 11241100x8000000000000000257712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ea3a2bbe384e552023-02-08 09:41:23.486root 11241100x8000000000000000257711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638e53cbc89e056e2023-02-08 09:41:23.486root 11241100x8000000000000000257722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3002fa0bb8d81bd2023-02-08 09:41:23.487root 11241100x8000000000000000257721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5339ec945eb302052023-02-08 09:41:23.487root 11241100x8000000000000000257720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da07952f34373e2023-02-08 09:41:23.487root 11241100x8000000000000000257719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37d601e6fd5b692023-02-08 09:41:23.487root 11241100x8000000000000000257718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5b646b72c4329a2023-02-08 09:41:23.487root 11241100x8000000000000000257717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ab780866d844b2023-02-08 09:41:23.487root 11241100x8000000000000000257716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d96125062e6d12023-02-08 09:41:23.487root 11241100x8000000000000000257735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a062e9b19329a792023-02-08 09:41:23.488root 11241100x8000000000000000257734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d470c3582be2a41a2023-02-08 09:41:23.488root 11241100x8000000000000000257733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5c9b47c552d7e2023-02-08 09:41:23.488root 11241100x8000000000000000257732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cf43756b206aaf2023-02-08 09:41:23.488root 11241100x8000000000000000257731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f901a4e6a21603f2023-02-08 09:41:23.488root 11241100x8000000000000000257730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb527d60b508dc6d2023-02-08 09:41:23.488root 11241100x8000000000000000257729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5043ed3f3e9432023-02-08 09:41:23.488root 11241100x8000000000000000257728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c37fe2b4e2b1942023-02-08 09:41:23.488root 11241100x8000000000000000257727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4800c96bbc3fa0d02023-02-08 09:41:23.488root 11241100x8000000000000000257726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a39c8bf4b177b732023-02-08 09:41:23.488root 11241100x8000000000000000257725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1494f8a90b7e432023-02-08 09:41:23.488root 11241100x8000000000000000257724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e96e667a13cc3a2023-02-08 09:41:23.488root 11241100x8000000000000000257723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753b9175aef0bded2023-02-08 09:41:23.488root 11241100x8000000000000000257751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e1653e1cfd8f12023-02-08 09:41:23.489root 11241100x8000000000000000257750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd77b62ec7a7c5d2023-02-08 09:41:23.489root 11241100x8000000000000000257749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1195a41ec76820852023-02-08 09:41:23.489root 11241100x8000000000000000257748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579075de6ea5a9c32023-02-08 09:41:23.489root 11241100x8000000000000000257747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0987af31ba453c2023-02-08 09:41:23.489root 11241100x8000000000000000257746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6db0fcaa9f53d42023-02-08 09:41:23.489root 11241100x8000000000000000257745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95271cfd31a09bb32023-02-08 09:41:23.489root 11241100x8000000000000000257744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bc60e36159b242023-02-08 09:41:23.489root 11241100x8000000000000000257743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de522a3070feafd02023-02-08 09:41:23.489root 11241100x8000000000000000257742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f531f611307fa02023-02-08 09:41:23.489root 11241100x8000000000000000257741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0357a3c6d4c862023-02-08 09:41:23.489root 11241100x8000000000000000257740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1182359dfc931ad2023-02-08 09:41:23.489root 11241100x8000000000000000257739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd93e80ceb0292aa2023-02-08 09:41:23.489root 11241100x8000000000000000257738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbe3d7f41a03fc2023-02-08 09:41:23.489root 11241100x8000000000000000257737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8dbcaf8ff9fde32023-02-08 09:41:23.489root 11241100x8000000000000000257736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18c33ffc56737082023-02-08 09:41:23.489root 11241100x8000000000000000257756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4311f136a6deaaa2023-02-08 09:41:23.490root 11241100x8000000000000000257755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94959861237619ea2023-02-08 09:41:23.490root 11241100x8000000000000000257754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2bb0a112057552023-02-08 09:41:23.490root 11241100x8000000000000000257753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905178e103b687692023-02-08 09:41:23.490root 11241100x8000000000000000257752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65aaa52986074282023-02-08 09:41:23.490root 11241100x8000000000000000257760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28152595c51a584a2023-02-08 09:41:23.984root 11241100x8000000000000000257759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4854978c9f83a2f2023-02-08 09:41:23.984root 11241100x8000000000000000257758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06024debbc6b462023-02-08 09:41:23.984root 11241100x8000000000000000257757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3faabc6ddfbee2023-02-08 09:41:23.984root 11241100x8000000000000000257763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6863958375aae2023-02-08 09:41:23.985root 11241100x8000000000000000257762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdf94be731b431a2023-02-08 09:41:23.985root 11241100x8000000000000000257761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8668856d73b5342023-02-08 09:41:23.985root 11241100x8000000000000000257767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1dec78db24abc2023-02-08 09:41:23.986root 11241100x8000000000000000257766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69df8a30c3947872023-02-08 09:41:23.986root 11241100x8000000000000000257765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3613664af0b08b2023-02-08 09:41:23.986root 11241100x8000000000000000257764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81aa29a23bc07d2023-02-08 09:41:23.986root 11241100x8000000000000000257770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771f943869d0d482023-02-08 09:41:23.987root 11241100x8000000000000000257769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5ddba7ab202dec2023-02-08 09:41:23.987root 11241100x8000000000000000257768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de60da7b5b3f112023-02-08 09:41:23.987root 11241100x8000000000000000257775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9f494c7674fe02023-02-08 09:41:23.988root 11241100x8000000000000000257774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574ffa7a2db48ffd2023-02-08 09:41:23.988root 11241100x8000000000000000257773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dcaf2ec484ecab2023-02-08 09:41:23.988root 11241100x8000000000000000257772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c92227572c036662023-02-08 09:41:23.988root 11241100x8000000000000000257771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d6e9de27eec4622023-02-08 09:41:23.988root 11241100x8000000000000000257781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e780340ff7ab64fd2023-02-08 09:41:23.989root 11241100x8000000000000000257780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766bc67d9385db2f2023-02-08 09:41:23.989root 11241100x8000000000000000257779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e20b1858224c8f2023-02-08 09:41:23.989root 11241100x8000000000000000257778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4771301d441f832023-02-08 09:41:23.989root 11241100x8000000000000000257777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25674eca5a4572a2023-02-08 09:41:23.989root 11241100x8000000000000000257776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5db515d592da2ac2023-02-08 09:41:23.989root 11241100x8000000000000000257789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e372b98e4a536a4a2023-02-08 09:41:23.990root 11241100x8000000000000000257788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042854c9296fb1762023-02-08 09:41:23.990root 11241100x8000000000000000257787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9e86bebcac914e2023-02-08 09:41:23.990root 11241100x8000000000000000257786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97fe1c683ae85f2023-02-08 09:41:23.990root 11241100x8000000000000000257785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f3b048af3b57192023-02-08 09:41:23.990root 11241100x8000000000000000257784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc4f7a3020013f52023-02-08 09:41:23.990root 11241100x8000000000000000257783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db874ae5a09c442023-02-08 09:41:23.990root 11241100x8000000000000000257782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26446159df565f7d2023-02-08 09:41:23.990root 11241100x8000000000000000257801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10a2cd3c1085022023-02-08 09:41:23.993root 11241100x8000000000000000257800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72cf52e37bd42e2023-02-08 09:41:23.993root 11241100x8000000000000000257799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40426379730263b82023-02-08 09:41:23.993root 11241100x8000000000000000257798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4f557d85da2fb2023-02-08 09:41:23.993root 11241100x8000000000000000257797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8d7eee733dbb42023-02-08 09:41:23.993root 11241100x8000000000000000257796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1980cc8b835ecfd2023-02-08 09:41:23.993root 11241100x8000000000000000257795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0191267a2c7b30792023-02-08 09:41:23.993root 11241100x8000000000000000257794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fc1c8147bb5712023-02-08 09:41:23.993root 11241100x8000000000000000257793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1474927e59585dd2023-02-08 09:41:23.993root 11241100x8000000000000000257792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df93c8b586591ee2023-02-08 09:41:23.993root 11241100x8000000000000000257791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a40dfdcf4afdf2023-02-08 09:41:23.993root 11241100x8000000000000000257790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922a09bc2f9ebef2023-02-08 09:41:23.993root 11241100x8000000000000000257809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d821559cb2042392023-02-08 09:41:23.994root 11241100x8000000000000000257808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba648efbe863981b2023-02-08 09:41:23.994root 11241100x8000000000000000257807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de913057cb697d542023-02-08 09:41:23.994root 11241100x8000000000000000257806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a20621fdb742b992023-02-08 09:41:23.994root 11241100x8000000000000000257805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecde03391aefdcb2023-02-08 09:41:23.994root 11241100x8000000000000000257804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71179af4ff1a20c02023-02-08 09:41:23.994root 11241100x8000000000000000257803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72714b63dcd25e2023-02-08 09:41:23.994root 11241100x8000000000000000257802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817a3e28fb8219d52023-02-08 09:41:23.994root 11241100x8000000000000000257814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f688a6b2c806f2023-02-08 09:41:23.995root 11241100x8000000000000000257813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cefa7bb3f6e64d2023-02-08 09:41:23.995root 11241100x8000000000000000257812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb28ee9fa47f732023-02-08 09:41:23.995root 11241100x8000000000000000257811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9033451a4cc565b72023-02-08 09:41:23.995root 11241100x8000000000000000257810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc04931500e1612023-02-08 09:41:23.995root 354300x8000000000000000257815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.094{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46962-false10.0.1.12-8000- 11241100x8000000000000000257816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbddda8b6da506102023-02-08 09:41:24.485root 11241100x8000000000000000257822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5552f3d64023c6242023-02-08 09:41:24.486root 11241100x8000000000000000257821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bbaa5a5f0a4b42023-02-08 09:41:24.486root 11241100x8000000000000000257820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea848225fbfad2842023-02-08 09:41:24.486root 11241100x8000000000000000257819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fba764074d34c12023-02-08 09:41:24.486root 11241100x8000000000000000257818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51247dc12470e7182023-02-08 09:41:24.486root 11241100x8000000000000000257817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660b42757f6b89cc2023-02-08 09:41:24.486root 11241100x8000000000000000257834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244ec367433b30462023-02-08 09:41:24.487root 11241100x8000000000000000257833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23e472797ee8a832023-02-08 09:41:24.487root 11241100x8000000000000000257832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b222b3b2559e7be2023-02-08 09:41:24.487root 11241100x8000000000000000257831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736420bb749cf0792023-02-08 09:41:24.487root 11241100x8000000000000000257830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff0fcd806f64ca2023-02-08 09:41:24.487root 11241100x8000000000000000257829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15569c0e1cc625392023-02-08 09:41:24.487root 11241100x8000000000000000257828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c624290cd3792662023-02-08 09:41:24.487root 11241100x8000000000000000257827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c597d1d33749a2023-02-08 09:41:24.487root 11241100x8000000000000000257826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dad00f80c545db2023-02-08 09:41:24.487root 11241100x8000000000000000257825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21985c4252c8f1d22023-02-08 09:41:24.487root 11241100x8000000000000000257824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3055ca671e5282023-02-08 09:41:24.487root 11241100x8000000000000000257823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199dec1ce42f74452023-02-08 09:41:24.487root 11241100x8000000000000000257843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09090c870e788efc2023-02-08 09:41:24.488root 11241100x8000000000000000257842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4febf2d4f498b0ff2023-02-08 09:41:24.488root 11241100x8000000000000000257841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba146dd5b3905bc02023-02-08 09:41:24.488root 11241100x8000000000000000257840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dad1b19bf013f2023-02-08 09:41:24.488root 11241100x8000000000000000257839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdc9569e1cd69042023-02-08 09:41:24.488root 11241100x8000000000000000257838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7fabe8f6cc661d2023-02-08 09:41:24.488root 11241100x8000000000000000257837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5ec5ccaef91f92023-02-08 09:41:24.488root 11241100x8000000000000000257836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75bccb7f620984f2023-02-08 09:41:24.488root 11241100x8000000000000000257835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfe1ac1ca07c41d2023-02-08 09:41:24.488root 11241100x8000000000000000257845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c160b760feab72023-02-08 09:41:24.489root 11241100x8000000000000000257844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be871f260799a9972023-02-08 09:41:24.489root 11241100x8000000000000000257853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1270b482dc55ca222023-02-08 09:41:24.490root 11241100x8000000000000000257852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5b15a84b391d282023-02-08 09:41:24.490root 11241100x8000000000000000257851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f4c3cc2c328f82023-02-08 09:41:24.490root 11241100x8000000000000000257850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757045f7b7980d92023-02-08 09:41:24.490root 11241100x8000000000000000257849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b653aa62180272023-02-08 09:41:24.490root 11241100x8000000000000000257848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7a6c75c3ab50f2023-02-08 09:41:24.490root 11241100x8000000000000000257847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96348fae497b7512023-02-08 09:41:24.490root 11241100x8000000000000000257846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed6ba1e1bbd64ef2023-02-08 09:41:24.490root 11241100x8000000000000000257862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e72204e7c776d52023-02-08 09:41:24.492root 11241100x8000000000000000257861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c9fb03cc0f08d72023-02-08 09:41:24.492root 11241100x8000000000000000257860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b2a310d5e46e432023-02-08 09:41:24.492root 11241100x8000000000000000257859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4ff30a5af49d72023-02-08 09:41:24.492root 11241100x8000000000000000257858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961acb6dabaa0592023-02-08 09:41:24.492root 11241100x8000000000000000257857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a4d815d823a4a2023-02-08 09:41:24.492root 11241100x8000000000000000257856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c68ef692c8235b62023-02-08 09:41:24.492root 11241100x8000000000000000257855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96313992d0234132023-02-08 09:41:24.492root 11241100x8000000000000000257854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde2841ffaa568a32023-02-08 09:41:24.492root 11241100x8000000000000000257863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc98cf03b994192023-02-08 09:41:24.493root 11241100x8000000000000000257864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7232f8f7b72ac312023-02-08 09:41:24.985root 11241100x8000000000000000257870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d3787552cb6b4f2023-02-08 09:41:24.986root 11241100x8000000000000000257869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f425108d380f9242023-02-08 09:41:24.986root 11241100x8000000000000000257868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3dfd3c28a453e92023-02-08 09:41:24.986root 11241100x8000000000000000257867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760fed4260402902023-02-08 09:41:24.986root 11241100x8000000000000000257866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1331d0054f0017d42023-02-08 09:41:24.986root 11241100x8000000000000000257865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b761097714fcc2cb2023-02-08 09:41:24.986root 11241100x8000000000000000257880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c36635b2f4bc22023-02-08 09:41:24.987root 11241100x8000000000000000257879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283cfa6d4abd73052023-02-08 09:41:24.987root 11241100x8000000000000000257878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd5d6dabf123c72023-02-08 09:41:24.987root 11241100x8000000000000000257877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9cfdfe35b525d82023-02-08 09:41:24.987root 11241100x8000000000000000257876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4354e22bff8a3462023-02-08 09:41:24.987root 11241100x8000000000000000257875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46e2cd640762aea2023-02-08 09:41:24.987root 11241100x8000000000000000257874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1e8464c8a11aa2023-02-08 09:41:24.987root 11241100x8000000000000000257873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce7b2da288fc7a2023-02-08 09:41:24.987root 11241100x8000000000000000257872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b653d338f9fbb22023-02-08 09:41:24.987root 11241100x8000000000000000257871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab97fe3b418e21c72023-02-08 09:41:24.987root 11241100x8000000000000000257888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6015519c230d082023-02-08 09:41:24.988root 11241100x8000000000000000257887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094c9ae45cb3eff2023-02-08 09:41:24.988root 11241100x8000000000000000257886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dce37853967873c2023-02-08 09:41:24.988root 11241100x8000000000000000257885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395f6b724cb519882023-02-08 09:41:24.988root 11241100x8000000000000000257884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffbb2b23f480ba2023-02-08 09:41:24.988root 11241100x8000000000000000257883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc6ce1e3dc783b2023-02-08 09:41:24.988root 11241100x8000000000000000257882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0cd795f6045b882023-02-08 09:41:24.988root 11241100x8000000000000000257881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2033c8ef4e3bb8e22023-02-08 09:41:24.988root 11241100x8000000000000000257897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66546f734953e07e2023-02-08 09:41:24.989root 11241100x8000000000000000257896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38819397fa1ca72d2023-02-08 09:41:24.989root 11241100x8000000000000000257895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93eb1260553cf002023-02-08 09:41:24.989root 11241100x8000000000000000257894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d5f9937dbfbb572023-02-08 09:41:24.989root 11241100x8000000000000000257893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c23c5ffc1345c2023-02-08 09:41:24.989root 11241100x8000000000000000257892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e87e00184e99c02023-02-08 09:41:24.989root 11241100x8000000000000000257891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824c7c89bd6257db2023-02-08 09:41:24.989root 11241100x8000000000000000257890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdfaa0cedc48bf82023-02-08 09:41:24.989root 11241100x8000000000000000257889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22974660ea7efe702023-02-08 09:41:24.989root 11241100x8000000000000000257906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087da337c07500592023-02-08 09:41:24.990root 11241100x8000000000000000257905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebebbf7a85374cdb2023-02-08 09:41:24.990root 11241100x8000000000000000257904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8692c17e60556b122023-02-08 09:41:24.990root 11241100x8000000000000000257903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f8b7fe861eab7a2023-02-08 09:41:24.990root 11241100x8000000000000000257902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058e3a93e7fd3272023-02-08 09:41:24.990root 11241100x8000000000000000257901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8e0f88f9c0b1c12023-02-08 09:41:24.990root 11241100x8000000000000000257900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c6442dab6ee9b2023-02-08 09:41:24.990root 11241100x8000000000000000257899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c59eee21d6fc042023-02-08 09:41:24.990root 11241100x8000000000000000257898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aff75d694d05a6a2023-02-08 09:41:24.990root 11241100x8000000000000000257910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26611aed84c02bb62023-02-08 09:41:24.991root 11241100x8000000000000000257909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12b40f0486378132023-02-08 09:41:24.991root 11241100x8000000000000000257908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cae9f8ecf9dc752023-02-08 09:41:24.991root 11241100x8000000000000000257907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0f6ed77aed66ba2023-02-08 09:41:24.991root 11241100x8000000000000000257911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58203fb75cb076d12023-02-08 09:41:25.485root 11241100x8000000000000000257920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc43ac70616d692023-02-08 09:41:25.486root 11241100x8000000000000000257919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f753eed52b7fa2023-02-08 09:41:25.486root 11241100x8000000000000000257918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238fd68ab98342362023-02-08 09:41:25.486root 11241100x8000000000000000257917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf8191f3d8b87572023-02-08 09:41:25.486root 11241100x8000000000000000257916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835aaeac5785f49a2023-02-08 09:41:25.486root 11241100x8000000000000000257915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46438bdaa073a6652023-02-08 09:41:25.486root 11241100x8000000000000000257914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995b44d633ec57c2023-02-08 09:41:25.486root 11241100x8000000000000000257913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4c544a05d6cbd2023-02-08 09:41:25.486root 11241100x8000000000000000257912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9583ef9e838b71f2023-02-08 09:41:25.486root 11241100x8000000000000000257930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73189b76d03d66d82023-02-08 09:41:25.487root 11241100x8000000000000000257929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a73ff4bdc092632023-02-08 09:41:25.487root 11241100x8000000000000000257928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920fbe4df53b1e652023-02-08 09:41:25.487root 11241100x8000000000000000257927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664f66ed3ec373b42023-02-08 09:41:25.487root 11241100x8000000000000000257926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439e203c07fb54132023-02-08 09:41:25.487root 11241100x8000000000000000257925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35108cd7e9fb55f52023-02-08 09:41:25.487root 11241100x8000000000000000257924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19bfe1b2e8763232023-02-08 09:41:25.487root 11241100x8000000000000000257923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8dea3efcdfdf792023-02-08 09:41:25.487root 11241100x8000000000000000257922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff15d03de883fc742023-02-08 09:41:25.487root 11241100x8000000000000000257921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ace236cfd9f2942023-02-08 09:41:25.487root 11241100x8000000000000000257940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d873d134a286f52023-02-08 09:41:25.488root 11241100x8000000000000000257939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d29dc7023145012023-02-08 09:41:25.488root 11241100x8000000000000000257938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df6a318e52635af2023-02-08 09:41:25.488root 11241100x8000000000000000257937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd961b23392111752023-02-08 09:41:25.488root 11241100x8000000000000000257936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde5514b7e6a74e2023-02-08 09:41:25.488root 11241100x8000000000000000257935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77409ee6854991652023-02-08 09:41:25.488root 11241100x8000000000000000257934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ebffe4e1b177a2023-02-08 09:41:25.488root 11241100x8000000000000000257933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a3c85291e7e4c2023-02-08 09:41:25.488root 11241100x8000000000000000257932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c100d774d2003f2023-02-08 09:41:25.488root 11241100x8000000000000000257931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c6c89e2c8760f2023-02-08 09:41:25.488root 11241100x8000000000000000257951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3fc694c557820b2023-02-08 09:41:25.489root 11241100x8000000000000000257950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5026fe6a0a9dd2712023-02-08 09:41:25.489root 11241100x8000000000000000257949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579b2cc085474212023-02-08 09:41:25.489root 11241100x8000000000000000257948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574bf72499728f6f2023-02-08 09:41:25.489root 11241100x8000000000000000257947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992243499bfae0e2023-02-08 09:41:25.489root 11241100x8000000000000000257946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee516ced842c09f2023-02-08 09:41:25.489root 11241100x8000000000000000257945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bece00d9490bc52023-02-08 09:41:25.489root 11241100x8000000000000000257944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d6849918668c12023-02-08 09:41:25.489root 11241100x8000000000000000257943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4991f8abf777f22023-02-08 09:41:25.489root 11241100x8000000000000000257942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56b997f3b5d1752023-02-08 09:41:25.489root 11241100x8000000000000000257941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7553103890221ba62023-02-08 09:41:25.489root 11241100x8000000000000000257957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4f31d43f1d2432023-02-08 09:41:25.490root 11241100x8000000000000000257956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3e62c5211665cc2023-02-08 09:41:25.490root 11241100x8000000000000000257955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b7178482d619a62023-02-08 09:41:25.490root 11241100x8000000000000000257954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8490ef09f6d772d02023-02-08 09:41:25.490root 11241100x8000000000000000257953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb72bd5aba0ba72023-02-08 09:41:25.490root 11241100x8000000000000000257952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533e67d41cbb65172023-02-08 09:41:25.490root 11241100x8000000000000000257960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe655aa5de74112023-02-08 09:41:25.984root 11241100x8000000000000000257959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf90194af271bf332023-02-08 09:41:25.984root 11241100x8000000000000000257958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf9cc1e15643bd2023-02-08 09:41:25.984root 11241100x8000000000000000257975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a179bd9d6701c2023-02-08 09:41:25.985root 11241100x8000000000000000257974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cce190cbaaaeefc2023-02-08 09:41:25.985root 11241100x8000000000000000257973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e120a21d7b9982023-02-08 09:41:25.985root 11241100x8000000000000000257972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bea584532c9f332023-02-08 09:41:25.985root 11241100x8000000000000000257971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688eb930490f59352023-02-08 09:41:25.985root 11241100x8000000000000000257970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e01c17f87818182023-02-08 09:41:25.985root 11241100x8000000000000000257969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f1260dfa2c7cd82023-02-08 09:41:25.985root 11241100x8000000000000000257968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabaf3e0d39197af2023-02-08 09:41:25.985root 11241100x8000000000000000257967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010eae3b1b5ee6b2023-02-08 09:41:25.985root 11241100x8000000000000000257966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8935d01b6d943de2023-02-08 09:41:25.985root 11241100x8000000000000000257965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041f380a55ca86222023-02-08 09:41:25.985root 11241100x8000000000000000257964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4c3276d7975e92023-02-08 09:41:25.985root 11241100x8000000000000000257963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56037225dcb3cf632023-02-08 09:41:25.985root 11241100x8000000000000000257962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d49e91484ff6b0d2023-02-08 09:41:25.985root 11241100x8000000000000000257961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629d8873fb1ad752023-02-08 09:41:25.985root 11241100x8000000000000000257991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fcf936f962779d2023-02-08 09:41:25.986root 11241100x8000000000000000257990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676f4a0da2dbd232023-02-08 09:41:25.986root 11241100x8000000000000000257989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea353c90403a997d2023-02-08 09:41:25.986root 11241100x8000000000000000257988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684eb12d8fe2d8a02023-02-08 09:41:25.986root 11241100x8000000000000000257987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d07a26875101c4b2023-02-08 09:41:25.986root 11241100x8000000000000000257986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf0e97f17faeea2023-02-08 09:41:25.986root 11241100x8000000000000000257985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc51a1cd9ac67862023-02-08 09:41:25.986root 11241100x8000000000000000257984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0156add2980d4412023-02-08 09:41:25.986root 11241100x8000000000000000257983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9300c10c54e53572023-02-08 09:41:25.986root 11241100x8000000000000000257982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef076fce2087b6d42023-02-08 09:41:25.986root 11241100x8000000000000000257981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfec9fcb16180802023-02-08 09:41:25.986root 11241100x8000000000000000257980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2420803c39a1f712023-02-08 09:41:25.986root 11241100x8000000000000000257979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bdb2fda888bcfc2023-02-08 09:41:25.986root 11241100x8000000000000000257978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ab1603aa0a31ae2023-02-08 09:41:25.986root 11241100x8000000000000000257977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b00229e0fc6f2982023-02-08 09:41:25.986root 11241100x8000000000000000257976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a849a3eab20022023-02-08 09:41:25.986root 11241100x8000000000000000258008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f38a3fac30d19e2023-02-08 09:41:25.987root 11241100x8000000000000000258007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3358f21d17ab52023-02-08 09:41:25.987root 11241100x8000000000000000258006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05389b92097d69a2023-02-08 09:41:25.987root 11241100x8000000000000000258005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909d56c4898d13a2023-02-08 09:41:25.987root 11241100x8000000000000000258004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff067c86d76e2b02023-02-08 09:41:25.987root 11241100x8000000000000000258003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98950f4dca7d3a8b2023-02-08 09:41:25.987root 11241100x8000000000000000258002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00188ebf8f283842023-02-08 09:41:25.987root 11241100x8000000000000000258001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dffdc84e4761482023-02-08 09:41:25.987root 11241100x8000000000000000258000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d61a40d785e90e2023-02-08 09:41:25.987root 11241100x8000000000000000257999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2133f044668527132023-02-08 09:41:25.987root 11241100x8000000000000000257998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3994bd081705a2023-02-08 09:41:25.987root 11241100x8000000000000000257997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45c78078915aefa2023-02-08 09:41:25.987root 11241100x8000000000000000257996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635a638ba881ca792023-02-08 09:41:25.987root 11241100x8000000000000000257995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8295998fc2324e2023-02-08 09:41:25.987root 11241100x8000000000000000257994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf81f4f507ac81d2023-02-08 09:41:25.987root 11241100x8000000000000000257993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db90f3a3b09e4d52023-02-08 09:41:25.987root 11241100x8000000000000000257992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece4878f86aa94f2023-02-08 09:41:25.987root 11241100x8000000000000000258015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de242fc4e1f873942023-02-08 09:41:25.989root 11241100x8000000000000000258014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd210119426da22023-02-08 09:41:25.989root 11241100x8000000000000000258013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7039e0383dd725422023-02-08 09:41:25.989root 11241100x8000000000000000258012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc79ef3df993842023-02-08 09:41:25.989root 11241100x8000000000000000258011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a341a8ec03e206d2023-02-08 09:41:25.989root 11241100x8000000000000000258010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd3535a4f24ac362023-02-08 09:41:25.989root 11241100x8000000000000000258009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6535bc071ed439272023-02-08 09:41:25.989root 11241100x8000000000000000258026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5cbfce6dcd81e12023-02-08 09:41:25.990root 11241100x8000000000000000258025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada882d480a805232023-02-08 09:41:25.990root 11241100x8000000000000000258024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89608f0eaf84c3a22023-02-08 09:41:25.990root 11241100x8000000000000000258023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c6d4013b19a5032023-02-08 09:41:25.990root 11241100x8000000000000000258022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1612c602ce2cd83c2023-02-08 09:41:25.990root 11241100x8000000000000000258021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c7e4d52953c15a2023-02-08 09:41:25.990root 11241100x8000000000000000258020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc55e331d7c1d9e2023-02-08 09:41:25.990root 11241100x8000000000000000258019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e03545c2e49552023-02-08 09:41:25.990root 11241100x8000000000000000258018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f258c6e1da7556d2023-02-08 09:41:25.990root 11241100x8000000000000000258017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68004af929bd2f92023-02-08 09:41:25.990root 11241100x8000000000000000258016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22439e6495a9728f2023-02-08 09:41:25.990root 11241100x8000000000000000258040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654743922a08ed92023-02-08 09:41:25.991root 11241100x8000000000000000258039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ebbbdb6b3a0092023-02-08 09:41:25.991root 11241100x8000000000000000258038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c90fce91d58d5d2023-02-08 09:41:25.991root 11241100x8000000000000000258037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad3ae7c76892a12023-02-08 09:41:25.991root 11241100x8000000000000000258036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecd46f6b76ba5312023-02-08 09:41:25.991root 11241100x8000000000000000258035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9690abb0b8517d32023-02-08 09:41:25.991root 11241100x8000000000000000258034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd216d6a314ac802023-02-08 09:41:25.991root 11241100x8000000000000000258033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa69c6f8f6e94422023-02-08 09:41:25.991root 11241100x8000000000000000258032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c4c2cf051bb872023-02-08 09:41:25.991root 11241100x8000000000000000258031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dd66fef60e67ac2023-02-08 09:41:25.991root 11241100x8000000000000000258030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c6c858b107b962023-02-08 09:41:25.991root 11241100x8000000000000000258029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1197e27ddb0e10d32023-02-08 09:41:25.991root 11241100x8000000000000000258028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fff2bdfc2b5ac2023-02-08 09:41:25.991root 11241100x8000000000000000258027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c2bc13795d1c102023-02-08 09:41:25.991root 11241100x8000000000000000258043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24f4b5dd8c0646a2023-02-08 09:41:25.994root 11241100x8000000000000000258042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec9b631fffa5122023-02-08 09:41:25.994root 11241100x8000000000000000258041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7352ef921fd3192023-02-08 09:41:25.994root 11241100x8000000000000000258047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3003e72f98f332d62023-02-08 09:41:25.995root 11241100x8000000000000000258046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634c63801900ab62023-02-08 09:41:25.995root 11241100x8000000000000000258045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67096721d07aaaea2023-02-08 09:41:25.995root 11241100x8000000000000000258044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69066b1db5b2d5752023-02-08 09:41:25.995root 11241100x8000000000000000258055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7dcb2a79d487f02023-02-08 09:41:25.996root 11241100x8000000000000000258054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a152704911babc2023-02-08 09:41:25.996root 11241100x8000000000000000258053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7765873198b5f3862023-02-08 09:41:25.996root 11241100x8000000000000000258052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88369c45c0ed3b62023-02-08 09:41:25.996root 11241100x8000000000000000258051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c21576cc0c800322023-02-08 09:41:25.996root 11241100x8000000000000000258050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33261e5e25a65ba62023-02-08 09:41:25.996root 11241100x8000000000000000258049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f69c63b2c10dfb2023-02-08 09:41:25.996root 11241100x8000000000000000258048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad83d1d2118dba92023-02-08 09:41:25.996root 11241100x8000000000000000258067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba26e2c446ec96f72023-02-08 09:41:25.997root 11241100x8000000000000000258066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4744e6be971f972023-02-08 09:41:25.997root 11241100x8000000000000000258065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685e284267054a22023-02-08 09:41:25.997root 11241100x8000000000000000258064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6497556908ec5c2023-02-08 09:41:25.997root 11241100x8000000000000000258063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf8fa8f86256b9c2023-02-08 09:41:25.997root 11241100x8000000000000000258062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19471ef49d7e13a22023-02-08 09:41:25.997root 11241100x8000000000000000258061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94b7e0a76cfa3302023-02-08 09:41:25.997root 11241100x8000000000000000258060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9d211a61c81f22023-02-08 09:41:25.997root 11241100x8000000000000000258059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e43931d83244402023-02-08 09:41:25.997root 11241100x8000000000000000258058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ebc28b5a53b132023-02-08 09:41:25.997root 11241100x8000000000000000258057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe4d95c7422de002023-02-08 09:41:25.997root 11241100x8000000000000000258056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f6884c821d3cc2023-02-08 09:41:25.997root 11241100x8000000000000000258068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a503f095161a452023-02-08 09:41:26.485root 11241100x8000000000000000258076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a674951d7b038b6e2023-02-08 09:41:26.486root 11241100x8000000000000000258075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa829306b4d53002023-02-08 09:41:26.486root 11241100x8000000000000000258074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027a61aff66bc02d2023-02-08 09:41:26.486root 11241100x8000000000000000258073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63dcdd8de245b5a2023-02-08 09:41:26.486root 11241100x8000000000000000258072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad11fb969bc0e5d2023-02-08 09:41:26.486root 11241100x8000000000000000258071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf54aa8b90da7922023-02-08 09:41:26.486root 11241100x8000000000000000258070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a54e7d8ca382ab2023-02-08 09:41:26.486root 11241100x8000000000000000258069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47a9a38fa291942023-02-08 09:41:26.486root 11241100x8000000000000000258085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ceb6d5fcb9a492023-02-08 09:41:26.487root 11241100x8000000000000000258084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea959468d666832023-02-08 09:41:26.487root 11241100x8000000000000000258083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1d505f1fce061e2023-02-08 09:41:26.487root 11241100x8000000000000000258082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f91ab5970c5ef2023-02-08 09:41:26.487root 11241100x8000000000000000258081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e78c09992effc42023-02-08 09:41:26.487root 11241100x8000000000000000258080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2190077b1dff0f2023-02-08 09:41:26.487root 11241100x8000000000000000258079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2865cc04dd9e192023-02-08 09:41:26.487root 11241100x8000000000000000258078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad895971d3a1f0472023-02-08 09:41:26.487root 11241100x8000000000000000258077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20118e035f7535582023-02-08 09:41:26.487root 11241100x8000000000000000258095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bd386f333d79782023-02-08 09:41:26.488root 11241100x8000000000000000258094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404ddadb9061cf0e2023-02-08 09:41:26.488root 11241100x8000000000000000258093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a84988e438b602023-02-08 09:41:26.488root 11241100x8000000000000000258092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b545cf3a96d532023-02-08 09:41:26.488root 11241100x8000000000000000258091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f71e8a34f10d70a2023-02-08 09:41:26.488root 11241100x8000000000000000258090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3473fd79652a52023-02-08 09:41:26.488root 11241100x8000000000000000258089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7674e2f5fc11142023-02-08 09:41:26.488root 11241100x8000000000000000258088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788b16e8c93ddc5d2023-02-08 09:41:26.488root 11241100x8000000000000000258087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5030c1f74dfff8262023-02-08 09:41:26.488root 11241100x8000000000000000258086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d28c8545f561f22023-02-08 09:41:26.488root 11241100x8000000000000000258103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11e181b5169fa62023-02-08 09:41:26.489root 11241100x8000000000000000258102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890134f844276ef42023-02-08 09:41:26.489root 11241100x8000000000000000258101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2dc0187ebed76a2023-02-08 09:41:26.489root 11241100x8000000000000000258100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc5f176b61788b2023-02-08 09:41:26.489root 11241100x8000000000000000258099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defab7677767ed0c2023-02-08 09:41:26.489root 11241100x8000000000000000258098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49912b1e4b322d152023-02-08 09:41:26.489root 11241100x8000000000000000258097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff859de8585fd12023-02-08 09:41:26.489root 11241100x8000000000000000258096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff43a857292c731a2023-02-08 09:41:26.489root 11241100x8000000000000000258113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95837afe81b18a22023-02-08 09:41:26.490root 11241100x8000000000000000258112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac529ebb4e4eed32023-02-08 09:41:26.490root 11241100x8000000000000000258111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6667001306d7524a2023-02-08 09:41:26.490root 11241100x8000000000000000258110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb82149db4b26542023-02-08 09:41:26.490root 11241100x8000000000000000258109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e99c4bcf9c7e592023-02-08 09:41:26.490root 11241100x8000000000000000258108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a9b387a8f326572023-02-08 09:41:26.490root 11241100x8000000000000000258107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60397f245381af332023-02-08 09:41:26.490root 11241100x8000000000000000258106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143188d1b603e9e52023-02-08 09:41:26.490root 11241100x8000000000000000258105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592324a669702912023-02-08 09:41:26.490root 11241100x8000000000000000258104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b266cf5a8a86462023-02-08 09:41:26.490root 11241100x8000000000000000258118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a3ff20fe2e82cc2023-02-08 09:41:26.491root 11241100x8000000000000000258117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055ca2b63d87c4d2023-02-08 09:41:26.491root 11241100x8000000000000000258116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc40d41040a3179e2023-02-08 09:41:26.491root 11241100x8000000000000000258115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439298b77bc3d9d2023-02-08 09:41:26.491root 11241100x8000000000000000258114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43997b157b3d06152023-02-08 09:41:26.491root 11241100x8000000000000000258119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3561efa3f02642023-02-08 09:41:26.985root 11241100x8000000000000000258121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824e576ac9f6c3b2023-02-08 09:41:26.986root 11241100x8000000000000000258120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e12f746918cf52023-02-08 09:41:26.986root 11241100x8000000000000000258127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f04d75df344ef2023-02-08 09:41:26.987root 11241100x8000000000000000258126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4372690df122ade92023-02-08 09:41:26.987root 11241100x8000000000000000258125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae180004b72bb7f2023-02-08 09:41:26.987root 11241100x8000000000000000258124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7048b3328bbe0f92023-02-08 09:41:26.987root 11241100x8000000000000000258123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d40415ba67faec2023-02-08 09:41:26.987root 11241100x8000000000000000258122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4346a40ad148d192023-02-08 09:41:26.987root 11241100x8000000000000000258141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ccae0ee7bf9952023-02-08 09:41:26.988root 11241100x8000000000000000258140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adbf99af2c5edbb2023-02-08 09:41:26.988root 11241100x8000000000000000258139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec4e31ff1b256ee2023-02-08 09:41:26.988root 11241100x8000000000000000258138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0972a522bc564d2023-02-08 09:41:26.988root 11241100x8000000000000000258137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e94cfd66a65b22023-02-08 09:41:26.988root 11241100x8000000000000000258136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7245f3de6c1b9a2023-02-08 09:41:26.988root 11241100x8000000000000000258135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f5f707b804a182023-02-08 09:41:26.988root 11241100x8000000000000000258134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd80a6d4660b2a652023-02-08 09:41:26.988root 11241100x8000000000000000258133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345ac6c1035a1ad32023-02-08 09:41:26.988root 11241100x8000000000000000258132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03926a8ed583582023-02-08 09:41:26.988root 11241100x8000000000000000258131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f5c2816fb36352023-02-08 09:41:26.988root 11241100x8000000000000000258130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae49eaeb998adea2023-02-08 09:41:26.988root 11241100x8000000000000000258129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce6536102cdd002023-02-08 09:41:26.988root 11241100x8000000000000000258128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6530d4877e1399e22023-02-08 09:41:26.988root 11241100x8000000000000000258155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f602f96cffd234c92023-02-08 09:41:26.989root 11241100x8000000000000000258154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45dd38a473d637e2023-02-08 09:41:26.989root 11241100x8000000000000000258153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258824764eaea28a2023-02-08 09:41:26.989root 11241100x8000000000000000258152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a8f837ea34050d2023-02-08 09:41:26.989root 11241100x8000000000000000258151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e6b53e5e5bfe602023-02-08 09:41:26.989root 11241100x8000000000000000258150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9949573a5e1eef0d2023-02-08 09:41:26.989root 11241100x8000000000000000258149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45c39a2194b8c2b2023-02-08 09:41:26.989root 11241100x8000000000000000258148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b046109f5cf42522023-02-08 09:41:26.989root 11241100x8000000000000000258147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acece4947b34d8232023-02-08 09:41:26.989root 11241100x8000000000000000258146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64039c829644de842023-02-08 09:41:26.989root 11241100x8000000000000000258145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e485b0f136cb12023-02-08 09:41:26.989root 11241100x8000000000000000258144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7b9fb19f3a7b592023-02-08 09:41:26.989root 11241100x8000000000000000258143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92870220035e83cc2023-02-08 09:41:26.989root 11241100x8000000000000000258142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5f22e387d26f4c2023-02-08 09:41:26.989root 11241100x8000000000000000258161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c208023a5cd526e2023-02-08 09:41:26.990root 11241100x8000000000000000258160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdaf547b30f86592023-02-08 09:41:26.990root 11241100x8000000000000000258159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d93f03c2482b582023-02-08 09:41:26.990root 11241100x8000000000000000258158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98a22ad7ef477d12023-02-08 09:41:26.990root 11241100x8000000000000000258157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d75701161f775152023-02-08 09:41:26.990root 11241100x8000000000000000258156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14b32bae59331342023-02-08 09:41:26.990root 11241100x8000000000000000258164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b83ae6113b8362023-02-08 09:41:26.991root 11241100x8000000000000000258163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8aa79527b308fe2023-02-08 09:41:26.991root 11241100x8000000000000000258162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baf86192a07b3192023-02-08 09:41:26.991root 11241100x8000000000000000258165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4475da3a777a97702023-02-08 09:41:26.992root 11241100x8000000000000000258172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81a0355e8339c7a2023-02-08 09:41:27.485root 11241100x8000000000000000258171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c079f4d5dc68cd82023-02-08 09:41:27.485root 11241100x8000000000000000258170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d3a69783efef4b2023-02-08 09:41:27.485root 11241100x8000000000000000258169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4185e0320dfeca9c2023-02-08 09:41:27.485root 11241100x8000000000000000258168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5361d2bc53898c582023-02-08 09:41:27.485root 11241100x8000000000000000258167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b933c4db19227272023-02-08 09:41:27.485root 11241100x8000000000000000258166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68032685deeb41c2023-02-08 09:41:27.485root 11241100x8000000000000000258183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73683a8adc040f502023-02-08 09:41:27.486root 11241100x8000000000000000258182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd260b7696f5f4932023-02-08 09:41:27.486root 11241100x8000000000000000258181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74277e8e8d66d6b2023-02-08 09:41:27.486root 11241100x8000000000000000258180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b30380be06a8722023-02-08 09:41:27.486root 11241100x8000000000000000258179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcbdd1442d61212023-02-08 09:41:27.486root 11241100x8000000000000000258178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90bbc9357915a62023-02-08 09:41:27.486root 11241100x8000000000000000258177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8db0fbdf6594092023-02-08 09:41:27.486root 11241100x8000000000000000258176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825bd122b8b2a9932023-02-08 09:41:27.486root 11241100x8000000000000000258175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2effb135f29af5192023-02-08 09:41:27.486root 11241100x8000000000000000258174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fd9575cab593fb2023-02-08 09:41:27.486root 11241100x8000000000000000258173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425b95162ce93fce2023-02-08 09:41:27.486root 11241100x8000000000000000258184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f0316b9b1a1502023-02-08 09:41:27.487root 11241100x8000000000000000258195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c456d3889d6d582023-02-08 09:41:27.488root 11241100x8000000000000000258194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7af878a9129a142023-02-08 09:41:27.488root 11241100x8000000000000000258193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfeb34a1a2bfdf2023-02-08 09:41:27.488root 11241100x8000000000000000258192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5d812001909f022023-02-08 09:41:27.488root 11241100x8000000000000000258191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eabab2672400222023-02-08 09:41:27.488root 11241100x8000000000000000258190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70d41d9490eeaf02023-02-08 09:41:27.488root 11241100x8000000000000000258189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e974bebef0778682023-02-08 09:41:27.488root 11241100x8000000000000000258188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91e1691dd23af52023-02-08 09:41:27.488root 11241100x8000000000000000258187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c13a70f0acd28a2023-02-08 09:41:27.488root 11241100x8000000000000000258186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e41769eb353bd032023-02-08 09:41:27.488root 11241100x8000000000000000258185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb125dfbeb358f642023-02-08 09:41:27.488root 11241100x8000000000000000258206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202be147d75984692023-02-08 09:41:27.490root 11241100x8000000000000000258205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb482f9f2d5181322023-02-08 09:41:27.490root 11241100x8000000000000000258204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860c53f0900814d82023-02-08 09:41:27.490root 11241100x8000000000000000258203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3d07a5379de6802023-02-08 09:41:27.490root 11241100x8000000000000000258202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc92342621b57da2023-02-08 09:41:27.490root 11241100x8000000000000000258201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819a52d7dc2cf672023-02-08 09:41:27.490root 11241100x8000000000000000258200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c06d4038c32f532023-02-08 09:41:27.490root 11241100x8000000000000000258199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915cb36a0f2f31f2023-02-08 09:41:27.490root 11241100x8000000000000000258198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53cc1185bdc5182023-02-08 09:41:27.490root 11241100x8000000000000000258197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeb48df7cc644742023-02-08 09:41:27.490root 11241100x8000000000000000258196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e71f055297ec1c2023-02-08 09:41:27.490root 11241100x8000000000000000258218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a73f4b3c3ee690e2023-02-08 09:41:27.493root 11241100x8000000000000000258217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9baaa5b128f86772023-02-08 09:41:27.493root 11241100x8000000000000000258216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b41dfe037074672023-02-08 09:41:27.493root 11241100x8000000000000000258215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2ac4a7e94b68e2023-02-08 09:41:27.493root 11241100x8000000000000000258214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c31f998a70b2362023-02-08 09:41:27.493root 11241100x8000000000000000258213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3614cbc818414f3b2023-02-08 09:41:27.493root 11241100x8000000000000000258212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d78dd8fd6e9df2023-02-08 09:41:27.493root 11241100x8000000000000000258211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7c7e85717907dd2023-02-08 09:41:27.493root 11241100x8000000000000000258210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ca13d4323ba172023-02-08 09:41:27.493root 11241100x8000000000000000258209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebd77c3848158fb2023-02-08 09:41:27.493root 11241100x8000000000000000258208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ecd844130e393f2023-02-08 09:41:27.493root 11241100x8000000000000000258207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29ba2a19b827e9f2023-02-08 09:41:27.493root 11241100x8000000000000000258220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ca4ef742a3226f2023-02-08 09:41:27.495root 11241100x8000000000000000258219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33daeed7c6c34c82023-02-08 09:41:27.495root 11241100x8000000000000000258221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f3e70882cfd5b2023-02-08 09:41:27.985root 11241100x8000000000000000258230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6851c270c8a124892023-02-08 09:41:27.986root 11241100x8000000000000000258229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aa42191b66e0b32023-02-08 09:41:27.986root 11241100x8000000000000000258228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eabc5589f317a9b2023-02-08 09:41:27.986root 11241100x8000000000000000258227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e29b188f41d8702023-02-08 09:41:27.986root 11241100x8000000000000000258226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0b1135ead86ead2023-02-08 09:41:27.986root 11241100x8000000000000000258225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f80b4d6339d1a882023-02-08 09:41:27.986root 11241100x8000000000000000258224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328027f95ed6894d2023-02-08 09:41:27.986root 11241100x8000000000000000258223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c64132216787392023-02-08 09:41:27.986root 11241100x8000000000000000258222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6184fe38f29fffe2023-02-08 09:41:27.986root 11241100x8000000000000000258240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfa75b8f2c58302023-02-08 09:41:27.987root 11241100x8000000000000000258239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9514e8d4ab8ca42023-02-08 09:41:27.987root 11241100x8000000000000000258238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101e5f79f223f822023-02-08 09:41:27.987root 11241100x8000000000000000258237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dfcdfe34c53c6f2023-02-08 09:41:27.987root 11241100x8000000000000000258236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a129145d5ebe3cc22023-02-08 09:41:27.987root 11241100x8000000000000000258235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95680151d77560612023-02-08 09:41:27.987root 11241100x8000000000000000258234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7a555ac7c175002023-02-08 09:41:27.987root 11241100x8000000000000000258233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c8653890f8f0a2023-02-08 09:41:27.987root 11241100x8000000000000000258232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d9271b572519662023-02-08 09:41:27.987root 11241100x8000000000000000258231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c4b46f97159e52023-02-08 09:41:27.987root 11241100x8000000000000000258250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f82a3867ce076f2023-02-08 09:41:27.988root 11241100x8000000000000000258249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409fd388666b69232023-02-08 09:41:27.988root 11241100x8000000000000000258248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce433edb32f78cdb2023-02-08 09:41:27.988root 11241100x8000000000000000258247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a68d2e1e357532023-02-08 09:41:27.988root 11241100x8000000000000000258246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d36d5484cd7442023-02-08 09:41:27.988root 11241100x8000000000000000258245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36afa072029e6a7f2023-02-08 09:41:27.988root 11241100x8000000000000000258244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd777e1c9e43dd2023-02-08 09:41:27.988root 11241100x8000000000000000258243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f979674d6d6cf5c72023-02-08 09:41:27.988root 11241100x8000000000000000258242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f031ca315d17d182023-02-08 09:41:27.988root 11241100x8000000000000000258241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc055add75da69972023-02-08 09:41:27.988root 11241100x8000000000000000258261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2973b79b42472b2023-02-08 09:41:27.989root 11241100x8000000000000000258260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1155751ff258c462023-02-08 09:41:27.989root 11241100x8000000000000000258259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbe183e70bc01272023-02-08 09:41:27.989root 11241100x8000000000000000258258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db93b3e6491183e12023-02-08 09:41:27.989root 11241100x8000000000000000258257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2813d13928048d72023-02-08 09:41:27.989root 11241100x8000000000000000258256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636cc9c7f5eb4b0c2023-02-08 09:41:27.989root 11241100x8000000000000000258255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23c376a63195cad2023-02-08 09:41:27.989root 11241100x8000000000000000258254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4089ec8c21d2382023-02-08 09:41:27.989root 11241100x8000000000000000258253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fb26d28de639dd2023-02-08 09:41:27.989root 11241100x8000000000000000258252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814f539d23f225f82023-02-08 09:41:27.989root 11241100x8000000000000000258251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ed803c2e33b2d2023-02-08 09:41:27.989root 11241100x8000000000000000258267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9052f2dbc98e0dd32023-02-08 09:41:27.990root 11241100x8000000000000000258266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d600fe7a13902822023-02-08 09:41:27.990root 11241100x8000000000000000258265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf67a2765378ebc2023-02-08 09:41:27.990root 11241100x8000000000000000258264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcadae41d06b1092023-02-08 09:41:27.990root 11241100x8000000000000000258263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447380c15d9781f22023-02-08 09:41:27.990root 11241100x8000000000000000258262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6b46b9668e5aa2023-02-08 09:41:27.990root 11241100x8000000000000000258268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b510455a2bc6812023-02-08 09:41:28.485root 11241100x8000000000000000258275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e075ca964662f92023-02-08 09:41:28.486root 11241100x8000000000000000258274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b54ed835c452fd2023-02-08 09:41:28.486root 11241100x8000000000000000258273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b55896cbb58cf072023-02-08 09:41:28.486root 11241100x8000000000000000258272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df3af5935c4a7792023-02-08 09:41:28.486root 11241100x8000000000000000258271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f0025d0eb7ca002023-02-08 09:41:28.486root 11241100x8000000000000000258270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c1bc88f9219092023-02-08 09:41:28.486root 11241100x8000000000000000258269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7704e5a6123fd93c2023-02-08 09:41:28.486root 11241100x8000000000000000258285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4f8353ba7e6acb2023-02-08 09:41:28.487root 11241100x8000000000000000258284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dd4b070bee79f72023-02-08 09:41:28.487root 11241100x8000000000000000258283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99261f990645e1952023-02-08 09:41:28.487root 11241100x8000000000000000258282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cef1d8117f9c452023-02-08 09:41:28.487root 11241100x8000000000000000258281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da2a210a99e7862023-02-08 09:41:28.487root 11241100x8000000000000000258280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4b9569910c8a132023-02-08 09:41:28.487root 11241100x8000000000000000258279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2393012df08b4d72023-02-08 09:41:28.487root 11241100x8000000000000000258278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae404e07c7b54522023-02-08 09:41:28.487root 11241100x8000000000000000258277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118e7f86810e7ee12023-02-08 09:41:28.487root 11241100x8000000000000000258276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7bcb7503cf8072023-02-08 09:41:28.487root 11241100x8000000000000000258296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dbfc94867d20912023-02-08 09:41:28.488root 11241100x8000000000000000258295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100717a53e3f54f52023-02-08 09:41:28.488root 11241100x8000000000000000258294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd06211b719446bd2023-02-08 09:41:28.488root 11241100x8000000000000000258293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5681e182d8378b2023-02-08 09:41:28.488root 11241100x8000000000000000258292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22906c529b00fd952023-02-08 09:41:28.488root 11241100x8000000000000000258291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae063976d79009452023-02-08 09:41:28.488root 11241100x8000000000000000258290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febf2b140f49f4c92023-02-08 09:41:28.488root 11241100x8000000000000000258289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0185b1eac1adb12023-02-08 09:41:28.488root 11241100x8000000000000000258288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63154844bed8de212023-02-08 09:41:28.488root 11241100x8000000000000000258287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d91d3475530b11d2023-02-08 09:41:28.488root 11241100x8000000000000000258286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76135d7d68d909492023-02-08 09:41:28.488root 11241100x8000000000000000258306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be18cf67cd2d712023-02-08 09:41:28.489root 11241100x8000000000000000258305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301eacf4a0db91f02023-02-08 09:41:28.489root 11241100x8000000000000000258304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde5e906800527a2023-02-08 09:41:28.489root 11241100x8000000000000000258303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3f4ab8357dc03f2023-02-08 09:41:28.489root 11241100x8000000000000000258302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00203c51654113ae2023-02-08 09:41:28.489root 11241100x8000000000000000258301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c573864d0c69724a2023-02-08 09:41:28.489root 11241100x8000000000000000258300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab9c70c3a831ce2023-02-08 09:41:28.489root 11241100x8000000000000000258299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5ad178c690e3852023-02-08 09:41:28.489root 11241100x8000000000000000258298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061eacb2013fb2e82023-02-08 09:41:28.489root 11241100x8000000000000000258297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86d2fa544e11642023-02-08 09:41:28.489root 11241100x8000000000000000258314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0ba4455075f3002023-02-08 09:41:28.490root 11241100x8000000000000000258313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa554ca98ee0e3ab2023-02-08 09:41:28.490root 11241100x8000000000000000258312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab29e01ccf45ad302023-02-08 09:41:28.490root 11241100x8000000000000000258311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d4b7c0c3ad3982023-02-08 09:41:28.490root 11241100x8000000000000000258310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a45011c76200ed2023-02-08 09:41:28.490root 11241100x8000000000000000258309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79e54ee2419dee82023-02-08 09:41:28.490root 11241100x8000000000000000258308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d682a80c48cc486e2023-02-08 09:41:28.490root 11241100x8000000000000000258307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebdb66167829a072023-02-08 09:41:28.490root 11241100x8000000000000000258318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1dbf3e61e47bd12023-02-08 09:41:28.985root 11241100x8000000000000000258317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e5117b411fe662023-02-08 09:41:28.985root 11241100x8000000000000000258316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fae1822b6ec0852023-02-08 09:41:28.985root 11241100x8000000000000000258315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0810836703d46f2023-02-08 09:41:28.985root 11241100x8000000000000000258328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c512eff0a612be2023-02-08 09:41:28.986root 11241100x8000000000000000258327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62337e68e3aaf7f72023-02-08 09:41:28.986root 11241100x8000000000000000258326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612b6e3a9a80abf82023-02-08 09:41:28.986root 11241100x8000000000000000258325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eab4efeeb92e482023-02-08 09:41:28.986root 11241100x8000000000000000258324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf02373d43a09c22023-02-08 09:41:28.986root 11241100x8000000000000000258323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4601f7b64330fcd2023-02-08 09:41:28.986root 11241100x8000000000000000258322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67909ed3dcec92a2023-02-08 09:41:28.986root 11241100x8000000000000000258321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85235594f431bc432023-02-08 09:41:28.986root 11241100x8000000000000000258320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0521ae60946fed2023-02-08 09:41:28.986root 11241100x8000000000000000258319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffa205e3afe3152023-02-08 09:41:28.986root 11241100x8000000000000000258338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4f3ca380d4672d2023-02-08 09:41:28.987root 11241100x8000000000000000258337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97af1daf374b5d72023-02-08 09:41:28.987root 11241100x8000000000000000258336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbd7373237c9ae32023-02-08 09:41:28.987root 11241100x8000000000000000258335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978aea98bc8051b2023-02-08 09:41:28.987root 11241100x8000000000000000258334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea795ce5481b14ef2023-02-08 09:41:28.987root 11241100x8000000000000000258333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a120ff3370c64cc2023-02-08 09:41:28.987root 11241100x8000000000000000258332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cef989b563b21d2023-02-08 09:41:28.987root 11241100x8000000000000000258331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb352b37a4dc779c2023-02-08 09:41:28.987root 11241100x8000000000000000258330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6468884ac64e58772023-02-08 09:41:28.987root 11241100x8000000000000000258329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f8f4d9ccc072b2023-02-08 09:41:28.987root 11241100x8000000000000000258349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8820de94d6353b2023-02-08 09:41:28.988root 11241100x8000000000000000258348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f58737f5cd30a72023-02-08 09:41:28.988root 11241100x8000000000000000258347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8732e362c6eb2a8d2023-02-08 09:41:28.988root 11241100x8000000000000000258346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254d876e79bef0e2023-02-08 09:41:28.988root 11241100x8000000000000000258345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb2cc78fe7759f2023-02-08 09:41:28.988root 11241100x8000000000000000258344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac73896efd3b88ca2023-02-08 09:41:28.988root 11241100x8000000000000000258343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4a7189f3f14472023-02-08 09:41:28.988root 11241100x8000000000000000258342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ce52da92761872023-02-08 09:41:28.988root 11241100x8000000000000000258341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0d67167703a352023-02-08 09:41:28.988root 11241100x8000000000000000258340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe49d27823d77d72023-02-08 09:41:28.988root 11241100x8000000000000000258339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baa09e36d1b2b262023-02-08 09:41:28.988root 11241100x8000000000000000258360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81efc0c0a5a902ec2023-02-08 09:41:28.989root 11241100x8000000000000000258359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c82d53cd77709e2023-02-08 09:41:28.989root 11241100x8000000000000000258358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2788dd15d7a43cb72023-02-08 09:41:28.989root 11241100x8000000000000000258357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef20a5a9d2dc6e82023-02-08 09:41:28.989root 11241100x8000000000000000258356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab3002ca53597722023-02-08 09:41:28.989root 11241100x8000000000000000258355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06faebeb8bf5f9972023-02-08 09:41:28.989root 11241100x8000000000000000258354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60aefa0efbf15a82023-02-08 09:41:28.989root 11241100x8000000000000000258353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33883e4ed0929c512023-02-08 09:41:28.989root 11241100x8000000000000000258352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595f2b6ccfd14c72023-02-08 09:41:28.989root 11241100x8000000000000000258351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc020e2ff8d9d22023-02-08 09:41:28.989root 11241100x8000000000000000258350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869c0802246b4aee2023-02-08 09:41:28.989root 11241100x8000000000000000258361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafa3409471399162023-02-08 09:41:28.990root 11241100x8000000000000000258363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8028c542c4f2362023-02-08 09:41:29.485root 11241100x8000000000000000258362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1633e230c897fe902023-02-08 09:41:29.485root 11241100x8000000000000000258379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9268980c0860c1e2023-02-08 09:41:29.486root 11241100x8000000000000000258378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2291f71101ec7bf72023-02-08 09:41:29.486root 11241100x8000000000000000258377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c901efe7caef8692023-02-08 09:41:29.486root 11241100x8000000000000000258376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0954b9d227de18dd2023-02-08 09:41:29.486root 11241100x8000000000000000258375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c558bd69515260d22023-02-08 09:41:29.486root 11241100x8000000000000000258374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8b380adfa7f09d2023-02-08 09:41:29.486root 11241100x8000000000000000258373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f427fa060bd8e42023-02-08 09:41:29.486root 11241100x8000000000000000258372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03af89f855941a2023-02-08 09:41:29.486root 11241100x8000000000000000258371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17c156d5a1e1b02023-02-08 09:41:29.486root 11241100x8000000000000000258370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d108093736c71a2023-02-08 09:41:29.486root 11241100x8000000000000000258369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b89543c66548342023-02-08 09:41:29.486root 11241100x8000000000000000258368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aeeeed8bdcdfa82023-02-08 09:41:29.486root 11241100x8000000000000000258367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd696cd80c5f8ed2023-02-08 09:41:29.486root 11241100x8000000000000000258366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da955164aea7e152023-02-08 09:41:29.486root 11241100x8000000000000000258365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1766efb5624d9fcd2023-02-08 09:41:29.486root 11241100x8000000000000000258364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041e3478de87d9f2023-02-08 09:41:29.486root 11241100x8000000000000000258394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30564043405cde472023-02-08 09:41:29.487root 11241100x8000000000000000258393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8620cc0ee0bd49f2023-02-08 09:41:29.487root 11241100x8000000000000000258392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26031c82afdbf772023-02-08 09:41:29.487root 11241100x8000000000000000258391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b305acc1a6002c12023-02-08 09:41:29.487root 11241100x8000000000000000258390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76a35dfafdec492023-02-08 09:41:29.487root 11241100x8000000000000000258389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c534cc83c852ac2023-02-08 09:41:29.487root 11241100x8000000000000000258388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33d17aa4ccad062023-02-08 09:41:29.487root 11241100x8000000000000000258387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755dcad5ec227e4d2023-02-08 09:41:29.487root 11241100x8000000000000000258386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae787173ed1fa26b2023-02-08 09:41:29.487root 11241100x8000000000000000258385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a73086ef6406c2023-02-08 09:41:29.487root 11241100x8000000000000000258384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96104e9c0f7eb70f2023-02-08 09:41:29.487root 11241100x8000000000000000258383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a233fda20d762c2023-02-08 09:41:29.487root 11241100x8000000000000000258382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580dc80406481ef02023-02-08 09:41:29.487root 11241100x8000000000000000258381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30893fb4f806be7c2023-02-08 09:41:29.487root 11241100x8000000000000000258380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838d76a1e07ad452023-02-08 09:41:29.487root 354300x8000000000000000258443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.131{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55374-false10.0.1.12-8000- 11241100x8000000000000000258444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda338731be1e20b2023-02-08 09:41:35.484root 11241100x8000000000000000258445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56fb87b06d97e3c2023-02-08 09:41:35.984root 11241100x8000000000000000258447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7427406cd188d962023-02-08 09:41:36.365root 11241100x8000000000000000258446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:41:36.365root 11241100x8000000000000000258449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069937c41c6463b2023-02-08 09:41:36.734root 11241100x8000000000000000258448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58854f9af2e826012023-02-08 09:41:36.734root 11241100x8000000000000000258451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588f3f94a09b99572023-02-08 09:41:37.234root 11241100x8000000000000000258450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a542f19a1b75b2023-02-08 09:41:37.234root 11241100x8000000000000000258453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fd22918f4197bd2023-02-08 09:41:37.734root 11241100x8000000000000000258452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fee6e23572322f2023-02-08 09:41:37.734root 11241100x8000000000000000258455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5894df474ff45ba2023-02-08 09:41:38.234root 11241100x8000000000000000258454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11e52871d7e00d2023-02-08 09:41:38.234root 11241100x8000000000000000258457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c697b1777d9677a2023-02-08 09:41:38.734root 11241100x8000000000000000258456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb518ae04819b8b2023-02-08 09:41:38.734root 11241100x8000000000000000258459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55189194dc85fa952023-02-08 09:41:39.234root 11241100x8000000000000000258458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5606851ee539052023-02-08 09:41:39.234root 23542300x8000000000000000258460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.367{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000258463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a256d9132c9c82023-02-08 09:41:39.734root 11241100x8000000000000000258462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4a6809d707d0e2023-02-08 09:41:39.734root 11241100x8000000000000000258461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e61096ee784a82023-02-08 09:41:39.734root 11241100x8000000000000000258465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ac9b767ca64dfa2023-02-08 09:41:40.148root 354300x8000000000000000258464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.148{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48162-false10.0.1.12-8000- 11241100x8000000000000000258468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725032927a77e07d2023-02-08 09:41:40.149root 11241100x8000000000000000258467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5417569ee40ca9762023-02-08 09:41:40.149root 11241100x8000000000000000258466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1cbed15b8ca9522023-02-08 09:41:40.149root 11241100x8000000000000000258472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30150f7b7bff0942023-02-08 09:41:40.484root 11241100x8000000000000000258471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b076c6f0383f6792023-02-08 09:41:40.484root 11241100x8000000000000000258470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1079e5539410a92023-02-08 09:41:40.484root 11241100x8000000000000000258469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef3318809a3f282023-02-08 09:41:40.484root 11241100x8000000000000000258476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193595f7d2e5a602023-02-08 09:41:40.984root 11241100x8000000000000000258475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34090b7c6528ee3d2023-02-08 09:41:40.984root 11241100x8000000000000000258474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9da449a1dea6e192023-02-08 09:41:40.984root 11241100x8000000000000000258473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b91378f4b23d142023-02-08 09:41:40.984root 11241100x8000000000000000258480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f75b84a8d8a4f2023-02-08 09:41:41.484root 11241100x8000000000000000258479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d9345448c4aba2023-02-08 09:41:41.484root 11241100x8000000000000000258478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd46114238474d82023-02-08 09:41:41.484root 11241100x8000000000000000258477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb5a0c802eab7df2023-02-08 09:41:41.484root 11241100x8000000000000000258484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862a41ba32b29b72023-02-08 09:41:41.984root 11241100x8000000000000000258483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19b08f3d15490d2023-02-08 09:41:41.984root 11241100x8000000000000000258482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233bb6ec30ad62d92023-02-08 09:41:41.984root 11241100x8000000000000000258481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4687a1d56bf1230e2023-02-08 09:41:41.984root 11241100x8000000000000000258488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a45241d5ef2d51b2023-02-08 09:41:42.484root 11241100x8000000000000000258487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166f592e45e4f5632023-02-08 09:41:42.484root 11241100x8000000000000000258486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae2f2e0586d0d22023-02-08 09:41:42.484root 11241100x8000000000000000258485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c697783fe1edd942023-02-08 09:41:42.484root 11241100x8000000000000000258492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8bf750949decb2023-02-08 09:41:42.984root 11241100x8000000000000000258491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baed6da2f531d6692023-02-08 09:41:42.984root 11241100x8000000000000000258490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576137df9173e2c22023-02-08 09:41:42.984root 11241100x8000000000000000258489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc7be32dc34cd632023-02-08 09:41:42.984root 11241100x8000000000000000258496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c4434f4169b1872023-02-08 09:41:43.484root 11241100x8000000000000000258495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6e04bed1548fd2023-02-08 09:41:43.484root 11241100x8000000000000000258494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a298fe6a2f0cd49f2023-02-08 09:41:43.484root 11241100x8000000000000000258493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb1256f20129e92023-02-08 09:41:43.484root 11241100x8000000000000000258500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1427adfea91534b52023-02-08 09:41:43.984root 11241100x8000000000000000258499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bb0f2c55617c12023-02-08 09:41:43.984root 11241100x8000000000000000258498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ad2e1ac26522512023-02-08 09:41:43.984root 11241100x8000000000000000258497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3860d46e87514412023-02-08 09:41:43.984root 11241100x8000000000000000258504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f3d79800d67cd2023-02-08 09:41:44.484root 11241100x8000000000000000258503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b925083841ae73a2023-02-08 09:41:44.484root 11241100x8000000000000000258502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76684b6b1a4d7c7f2023-02-08 09:41:44.484root 11241100x8000000000000000258501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41e659c05259fd2023-02-08 09:41:44.484root 11241100x8000000000000000258508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bfcd94d2e288422023-02-08 09:41:44.984root 11241100x8000000000000000258507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf36cc6d81ab59a12023-02-08 09:41:44.984root 11241100x8000000000000000258506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45788998d9991b792023-02-08 09:41:44.984root 11241100x8000000000000000258505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee81852350c09422023-02-08 09:41:44.984root 354300x8000000000000000258509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.216{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48170-false10.0.1.12-8000- 11241100x8000000000000000258514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c47e13809def302023-02-08 09:41:45.484root 11241100x8000000000000000258513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf1a92cb1af6b3e2023-02-08 09:41:45.484root 11241100x8000000000000000258512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cdc7252126b8902023-02-08 09:41:45.484root 11241100x8000000000000000258511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605495e2ed5100fc2023-02-08 09:41:45.484root 11241100x8000000000000000258510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9608b3aa3ae41ad22023-02-08 09:41:45.484root 11241100x8000000000000000258515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a79f82de9d135112023-02-08 09:41:45.984root 11241100x8000000000000000258519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d15defc83053c62023-02-08 09:41:45.985root 11241100x8000000000000000258518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5649e3c5ffac6ad2023-02-08 09:41:45.985root 11241100x8000000000000000258517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d30f85ed4f5e22023-02-08 09:41:45.985root 11241100x8000000000000000258516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93556111cab516f52023-02-08 09:41:45.985root 11241100x8000000000000000258521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eeaa10445f9b3c22023-02-08 09:41:46.484root 11241100x8000000000000000258520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616dc024a908fafb2023-02-08 09:41:46.484root 11241100x8000000000000000258524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725196272d716e612023-02-08 09:41:46.485root 11241100x8000000000000000258523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8168f0580513302023-02-08 09:41:46.485root 11241100x8000000000000000258522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034a5d37223633e22023-02-08 09:41:46.485root 11241100x8000000000000000258525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf237c9f0bb989ab2023-02-08 09:41:46.984root 11241100x8000000000000000258529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e182c9925da65bf92023-02-08 09:41:46.985root 11241100x8000000000000000258528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90bb4389052794a2023-02-08 09:41:46.985root 11241100x8000000000000000258527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ae64be4ef6e6d2023-02-08 09:41:46.985root 11241100x8000000000000000258526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bfe134116b6ff82023-02-08 09:41:46.985root 11241100x8000000000000000258534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651c866ff5ba1572023-02-08 09:41:47.484root 11241100x8000000000000000258533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600093179591cdf12023-02-08 09:41:47.484root 11241100x8000000000000000258532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d61981555154bf92023-02-08 09:41:47.484root 11241100x8000000000000000258531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeac105952613772023-02-08 09:41:47.484root 11241100x8000000000000000258530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e1cc2ff5dc8bc2023-02-08 09:41:47.484root 11241100x8000000000000000258539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1242df0345178dbd2023-02-08 09:41:47.984root 11241100x8000000000000000258538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e50bdc68808d96d2023-02-08 09:41:47.984root 11241100x8000000000000000258537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3844be4afb48ee082023-02-08 09:41:47.984root 11241100x8000000000000000258536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff823ec2ed15ff072023-02-08 09:41:47.984root 11241100x8000000000000000258535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3796b355f8ee2442023-02-08 09:41:47.984root 11241100x8000000000000000258544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3dfd46d8ee0e772023-02-08 09:41:48.484root 11241100x8000000000000000258543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014832eec0fb5dc22023-02-08 09:41:48.484root 11241100x8000000000000000258542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028f04e5b7d9230a2023-02-08 09:41:48.484root 11241100x8000000000000000258541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f860589c9a14b0302023-02-08 09:41:48.484root 11241100x8000000000000000258540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8f2d098a6e04c72023-02-08 09:41:48.484root 11241100x8000000000000000258549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f60d563a4cb5442023-02-08 09:41:48.984root 11241100x8000000000000000258548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5c99d5561e0ff2023-02-08 09:41:48.984root 11241100x8000000000000000258547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a03e568e9078e52023-02-08 09:41:48.984root 11241100x8000000000000000258546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e91f1ec56a85282023-02-08 09:41:48.984root 11241100x8000000000000000258545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471ae1eafd40d4e2023-02-08 09:41:48.984root 11241100x8000000000000000258554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ac1b0e1bd0c55c2023-02-08 09:41:49.484root 11241100x8000000000000000258553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28eb1c9add30b2e2023-02-08 09:41:49.484root 11241100x8000000000000000258552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad319a90c412e30d2023-02-08 09:41:49.484root 11241100x8000000000000000258551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b359ffef7659f512023-02-08 09:41:49.484root 11241100x8000000000000000258550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07539d09817b61d2023-02-08 09:41:49.484root 11241100x8000000000000000258559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f688aa99eaa3df2023-02-08 09:41:49.984root 11241100x8000000000000000258558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0f93161af7e85f2023-02-08 09:41:49.984root 11241100x8000000000000000258557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f42c61f5401f5a2023-02-08 09:41:49.984root 11241100x8000000000000000258556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a61c8a6030ad9a42023-02-08 09:41:49.984root 11241100x8000000000000000258555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85748c69231e582023-02-08 09:41:49.984root 354300x8000000000000000258560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.223{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45102-false10.0.1.12-8000- 11241100x8000000000000000258566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5b8ab696392182023-02-08 09:41:50.484root 11241100x8000000000000000258565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1095a51fd0f720752023-02-08 09:41:50.484root 11241100x8000000000000000258564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfc6df7601d9472023-02-08 09:41:50.484root 11241100x8000000000000000258563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a031c751abd3b702023-02-08 09:41:50.484root 11241100x8000000000000000258562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7e23b7a42211c02023-02-08 09:41:50.484root 11241100x8000000000000000258561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99b76f0ba9b7912023-02-08 09:41:50.484root 11241100x8000000000000000258568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773dd25d90651d592023-02-08 09:41:50.984root 11241100x8000000000000000258567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64bdce2d1dd4e992023-02-08 09:41:50.984root 11241100x8000000000000000258570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b70b4b9c569d42023-02-08 09:41:50.985root 11241100x8000000000000000258569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95249b8253c44b792023-02-08 09:41:50.985root 11241100x8000000000000000258572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad0994c276620dc2023-02-08 09:41:50.986root 11241100x8000000000000000258571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc877a85defb7e2023-02-08 09:41:50.986root 11241100x8000000000000000258575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e076f07b8d23b7152023-02-08 09:41:51.484root 11241100x8000000000000000258574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2197b8a7ce0fdbbb2023-02-08 09:41:51.484root 11241100x8000000000000000258573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d058963ff09ece7d2023-02-08 09:41:51.484root 11241100x8000000000000000258578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20506e8c47b714992023-02-08 09:41:51.485root 11241100x8000000000000000258577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4a784e44846262023-02-08 09:41:51.485root 11241100x8000000000000000258576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b30ee8d9e2e59d2023-02-08 09:41:51.485root 11241100x8000000000000000258584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cd60c9cbd580e02023-02-08 09:41:51.984root 11241100x8000000000000000258583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a8efe533787b4c2023-02-08 09:41:51.984root 11241100x8000000000000000258582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afd464310d6ad232023-02-08 09:41:51.984root 11241100x8000000000000000258581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1871244af49ec12023-02-08 09:41:51.984root 11241100x8000000000000000258580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a7417dddc1f3e42023-02-08 09:41:51.984root 11241100x8000000000000000258579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03de41aff09b5f82023-02-08 09:41:51.984root 11241100x8000000000000000258590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0547b586f61e2862023-02-08 09:41:52.484root 11241100x8000000000000000258589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cc9f5744b889dd2023-02-08 09:41:52.484root 11241100x8000000000000000258588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748273aff43224272023-02-08 09:41:52.484root 11241100x8000000000000000258587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b626a82443c6102023-02-08 09:41:52.484root 11241100x8000000000000000258586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c3e05338ffabb2023-02-08 09:41:52.484root 11241100x8000000000000000258585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01103c9e87b40fe22023-02-08 09:41:52.484root 11241100x8000000000000000258596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364fe8db3e8982322023-02-08 09:41:52.984root 11241100x8000000000000000258595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184a76e8dcdc8442023-02-08 09:41:52.984root 11241100x8000000000000000258594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79914724cc03b2012023-02-08 09:41:52.984root 11241100x8000000000000000258593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73d2415f7ee82d2023-02-08 09:41:52.984root 11241100x8000000000000000258592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452f5a60c0af9cf2023-02-08 09:41:52.984root 11241100x8000000000000000258591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb157136d034f32c2023-02-08 09:41:52.984root 11241100x8000000000000000258602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac3841997405fe2023-02-08 09:41:53.484root 11241100x8000000000000000258601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff9e4d29fd6e7d2023-02-08 09:41:53.484root 11241100x8000000000000000258600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c7de7241412df72023-02-08 09:41:53.484root 11241100x8000000000000000258599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849edd5e33de66e42023-02-08 09:41:53.484root 11241100x8000000000000000258598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bbb05d78729a682023-02-08 09:41:53.484root 11241100x8000000000000000258597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb062658206f01ed2023-02-08 09:41:53.484root 11241100x8000000000000000258608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdb5b930d10363c2023-02-08 09:41:53.984root 11241100x8000000000000000258607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132b11f715a16fc02023-02-08 09:41:53.984root 11241100x8000000000000000258606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b048098c741563b2023-02-08 09:41:53.984root 11241100x8000000000000000258605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e095e04767b370d2023-02-08 09:41:53.984root 11241100x8000000000000000258604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93ef1fda457de82023-02-08 09:41:53.984root 11241100x8000000000000000258603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b616a40c8a4987832023-02-08 09:41:53.984root 11241100x8000000000000000258614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8fe625fb650c082023-02-08 09:41:54.484root 11241100x8000000000000000258613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cb517ecee01b62023-02-08 09:41:54.484root 11241100x8000000000000000258612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7363e68ebf33c8a02023-02-08 09:41:54.484root 11241100x8000000000000000258611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb468075f441f6502023-02-08 09:41:54.484root 11241100x8000000000000000258610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecceb55e7743c5f02023-02-08 09:41:54.484root 11241100x8000000000000000258609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2e94c28d840aae2023-02-08 09:41:54.484root 11241100x8000000000000000258620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c487fabbc88ae9f2023-02-08 09:41:54.984root 11241100x8000000000000000258619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0545c359923c52023-02-08 09:41:54.984root 11241100x8000000000000000258618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdeae24ded3a1a62023-02-08 09:41:54.984root 11241100x8000000000000000258617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534776bd37fa0b42023-02-08 09:41:54.984root 11241100x8000000000000000258616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d4645b73e3f312023-02-08 09:41:54.984root 11241100x8000000000000000258615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6309f68b04dc22023-02-08 09:41:54.984root 11241100x8000000000000000258626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ddab4ed5fccdf2023-02-08 09:41:55.484root 11241100x8000000000000000258625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e9c2760a76a232023-02-08 09:41:55.484root 11241100x8000000000000000258624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddfc3e8723619232023-02-08 09:41:55.484root 11241100x8000000000000000258623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a865aab704d29112023-02-08 09:41:55.484root 11241100x8000000000000000258622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b690a780a7f502023-02-08 09:41:55.484root 11241100x8000000000000000258621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91960cf320b05372023-02-08 09:41:55.484root 11241100x8000000000000000258632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849f86946a810852023-02-08 09:41:55.984root 11241100x8000000000000000258631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45898bc481fe65bb2023-02-08 09:41:55.984root 11241100x8000000000000000258630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39667537fb4fa682023-02-08 09:41:55.984root 11241100x8000000000000000258629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb577dbe22df89e2023-02-08 09:41:55.984root 11241100x8000000000000000258628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7128aa071f870492023-02-08 09:41:55.984root 11241100x8000000000000000258627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d584f595918b1382023-02-08 09:41:55.984root 354300x8000000000000000258633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.010{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45114-false10.0.1.12-8000- 11241100x8000000000000000258638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2139dd4b8df23e022023-02-08 09:41:56.484root 11241100x8000000000000000258637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f1ee08cbfac6cc2023-02-08 09:41:56.484root 11241100x8000000000000000258636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74362a912ce6e0582023-02-08 09:41:56.484root 11241100x8000000000000000258635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205f64dcc33aec72023-02-08 09:41:56.484root 11241100x8000000000000000258634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b82c9f27b098fe02023-02-08 09:41:56.484root 11241100x8000000000000000258640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370fe1148c34c78a2023-02-08 09:41:56.485root 11241100x8000000000000000258639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf9e7b9f9e12b112023-02-08 09:41:56.485root 11241100x8000000000000000258647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac113685ab9a68632023-02-08 09:41:56.984root 11241100x8000000000000000258646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3465749146e164292023-02-08 09:41:56.984root 11241100x8000000000000000258645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9ecca440a60492023-02-08 09:41:56.984root 11241100x8000000000000000258644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4929350e1cc34fa82023-02-08 09:41:56.984root 11241100x8000000000000000258643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de47fc6c38873872023-02-08 09:41:56.984root 11241100x8000000000000000258642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f250b07fbbae21662023-02-08 09:41:56.984root 11241100x8000000000000000258641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c03f230eabfe812023-02-08 09:41:56.984root 11241100x8000000000000000258648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4505a72322f602023-02-08 09:41:57.484root 11241100x8000000000000000258654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7bbb385aba82a2023-02-08 09:41:57.485root 11241100x8000000000000000258653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e65d2856b4dc0a32023-02-08 09:41:57.485root 11241100x8000000000000000258652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2a9eded541e6412023-02-08 09:41:57.485root 11241100x8000000000000000258651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bce6784760cfa002023-02-08 09:41:57.485root 11241100x8000000000000000258650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb30c4d5de6d46b2023-02-08 09:41:57.485root 11241100x8000000000000000258649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a10fa4104131d52023-02-08 09:41:57.485root 11241100x8000000000000000258661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858fc0a2e586fcb2023-02-08 09:41:57.984root 11241100x8000000000000000258660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29018f8278fc80e52023-02-08 09:41:57.984root 11241100x8000000000000000258659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4195adc08097432023-02-08 09:41:57.984root 11241100x8000000000000000258658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7a4932d26bcfc72023-02-08 09:41:57.984root 11241100x8000000000000000258657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8aa68d481715aa2023-02-08 09:41:57.984root 11241100x8000000000000000258656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640ffa0ec68452112023-02-08 09:41:57.984root 11241100x8000000000000000258655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d06230283a58ee2023-02-08 09:41:57.984root 11241100x8000000000000000258668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6fb569b7e65f12023-02-08 09:41:58.484root 11241100x8000000000000000258667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f066c198a3ebe92023-02-08 09:41:58.484root 11241100x8000000000000000258666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5778568c94f67f2023-02-08 09:41:58.484root 11241100x8000000000000000258665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6020e59903604b72023-02-08 09:41:58.484root 11241100x8000000000000000258664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62ddd7c5ce0fe142023-02-08 09:41:58.484root 11241100x8000000000000000258663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe78cf3f411a67c2023-02-08 09:41:58.484root 11241100x8000000000000000258662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb5219685ade5e2023-02-08 09:41:58.484root 11241100x8000000000000000258672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e37bf58c2d711672023-02-08 09:41:58.984root 11241100x8000000000000000258671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab791c91b3409642023-02-08 09:41:58.984root 11241100x8000000000000000258670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5b8e3d43210a6f2023-02-08 09:41:58.984root 11241100x8000000000000000258669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d5e1e09cc821f62023-02-08 09:41:58.984root 11241100x8000000000000000258675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784146d4775d6ea2023-02-08 09:41:58.985root 11241100x8000000000000000258674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03c153746a36ad2023-02-08 09:41:58.985root 11241100x8000000000000000258673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ddbe0a48f34df2023-02-08 09:41:58.985root 11241100x8000000000000000258682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfadb8b1f667dc02023-02-08 09:41:59.484root 11241100x8000000000000000258681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d08651fa5c66d2023-02-08 09:41:59.484root 11241100x8000000000000000258680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa758e4d1ef21bc2023-02-08 09:41:59.484root 11241100x8000000000000000258679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83168d82bd755de72023-02-08 09:41:59.484root 11241100x8000000000000000258678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230a3288dec36f12023-02-08 09:41:59.484root 11241100x8000000000000000258677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff8820a0f2343a2023-02-08 09:41:59.484root 11241100x8000000000000000258676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfaf911e2a041aa2023-02-08 09:41:59.484root 154100x8000000000000000258683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.800{ec2a0601-6e67-63e3-68f4-f4d5ce550000}5803/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000258686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2399999dbdd519d2023-02-08 09:41:59.801root 11241100x8000000000000000258685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9fc1a932e8d15a2023-02-08 09:41:59.801root 11241100x8000000000000000258684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d5fceac43a4222023-02-08 09:41:59.801root 11241100x8000000000000000258691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d047b2d3a7e0fb2023-02-08 09:41:59.802root 11241100x8000000000000000258690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee454a7ebea204b02023-02-08 09:41:59.802root 11241100x8000000000000000258689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3a59014f323b12023-02-08 09:41:59.802root 11241100x8000000000000000258688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e668f0b991470112023-02-08 09:41:59.802root 11241100x8000000000000000258687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6363ff99e3e970802023-02-08 09:41:59.802root 534500x8000000000000000258692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.814{ec2a0601-6e67-63e3-68f4-f4d5ce550000}5803/bin/psroot 11241100x8000000000000000258699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8b07422e05d5c2023-02-08 09:42:00.234root 11241100x8000000000000000258698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9165086ff3c504402023-02-08 09:42:00.234root 11241100x8000000000000000258697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44296bc0556b8bc32023-02-08 09:42:00.234root 11241100x8000000000000000258696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1f7fd69166b0642023-02-08 09:42:00.234root 11241100x8000000000000000258695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae40fd8f951dcd242023-02-08 09:42:00.234root 11241100x8000000000000000258694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ae39e68f6618c2023-02-08 09:42:00.234root 11241100x8000000000000000258693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b47d0b3568c392023-02-08 09:42:00.234root 11241100x8000000000000000258701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4440ccf341c97d32023-02-08 09:42:00.235root 11241100x8000000000000000258700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc79b6d648b043b32023-02-08 09:42:00.235root 11241100x8000000000000000258710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0970196d342d33c82023-02-08 09:42:00.734root 11241100x8000000000000000258709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9f96c56b06992d2023-02-08 09:42:00.734root 11241100x8000000000000000258708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725408b57c7167952023-02-08 09:42:00.734root 11241100x8000000000000000258707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8911e70cf412c3f62023-02-08 09:42:00.734root 11241100x8000000000000000258706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fc7f596d8468b02023-02-08 09:42:00.734root 11241100x8000000000000000258705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab302ffc604c3e082023-02-08 09:42:00.734root 11241100x8000000000000000258704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbd619d09bc1d7e2023-02-08 09:42:00.734root 11241100x8000000000000000258703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a899dafbeb44f12023-02-08 09:42:00.734root 11241100x8000000000000000258702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501aa2583e43edc62023-02-08 09:42:00.734root 354300x8000000000000000258711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.067{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59356-false10.0.1.12-8000- 11241100x8000000000000000258714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76b3493bc5bad72023-02-08 09:42:01.068root 11241100x8000000000000000258713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f14331a2a7101692023-02-08 09:42:01.068root 11241100x8000000000000000258712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc91741a2970022023-02-08 09:42:01.068root 11241100x8000000000000000258718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af48121c07fb4cc52023-02-08 09:42:01.069root 11241100x8000000000000000258717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13311c85a9c06102023-02-08 09:42:01.069root 11241100x8000000000000000258716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936c4929a4746982023-02-08 09:42:01.069root 11241100x8000000000000000258715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38012cbc08affc4e2023-02-08 09:42:01.069root 11241100x8000000000000000258721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20fbb112e7251952023-02-08 09:42:01.070root 11241100x8000000000000000258720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5dab178add4be02023-02-08 09:42:01.070root 11241100x8000000000000000258719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58269aba8a6c40372023-02-08 09:42:01.070root 11241100x8000000000000000258724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83049339a4455bec2023-02-08 09:42:01.484root 11241100x8000000000000000258723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88b8323814168962023-02-08 09:42:01.484root 11241100x8000000000000000258722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e231700589b312023-02-08 09:42:01.484root 11241100x8000000000000000258729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a249b21fac227e2023-02-08 09:42:01.485root 11241100x8000000000000000258728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a2a89e0a5c2f9e2023-02-08 09:42:01.485root 11241100x8000000000000000258727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89aa252b91a51ef2023-02-08 09:42:01.485root 11241100x8000000000000000258726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fb1ec52a1960762023-02-08 09:42:01.485root 11241100x8000000000000000258725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d40d3edebe3cec32023-02-08 09:42:01.485root 11241100x8000000000000000258731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a7db514d2321602023-02-08 09:42:01.486root 11241100x8000000000000000258730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850209a6d99d3612023-02-08 09:42:01.486root 11241100x8000000000000000258733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241e9de655017422023-02-08 09:42:01.984root 11241100x8000000000000000258732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f5bc6fd825a712023-02-08 09:42:01.984root 11241100x8000000000000000258739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db267f13e8643142023-02-08 09:42:01.985root 11241100x8000000000000000258738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cfd4cdcdcd43552023-02-08 09:42:01.985root 11241100x8000000000000000258737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8827b38b0da0012023-02-08 09:42:01.985root 11241100x8000000000000000258736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c170f55c4110a2c2023-02-08 09:42:01.985root 11241100x8000000000000000258735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5626e120b43893762023-02-08 09:42:01.985root 11241100x8000000000000000258734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35c93103f46d21d2023-02-08 09:42:01.985root 11241100x8000000000000000258741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b9d8c64abe6d72023-02-08 09:42:01.986root 11241100x8000000000000000258740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a9e570ccdb14f2023-02-08 09:42:01.986root 11241100x8000000000000000258746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a201027d76005e02023-02-08 09:42:02.484root 11241100x8000000000000000258745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6276c17b861b99c2023-02-08 09:42:02.484root 11241100x8000000000000000258744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a901ab233981522023-02-08 09:42:02.484root 11241100x8000000000000000258743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087913f2ab6f1f272023-02-08 09:42:02.484root 11241100x8000000000000000258742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64968319d2f64772023-02-08 09:42:02.484root 11241100x8000000000000000258751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f83cc6cf4e52db2023-02-08 09:42:02.485root 11241100x8000000000000000258750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d08b273df9420e2023-02-08 09:42:02.485root 11241100x8000000000000000258749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3babe831492657252023-02-08 09:42:02.485root 11241100x8000000000000000258748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914eabd40433b86c2023-02-08 09:42:02.485root 11241100x8000000000000000258747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f9c3950d7abe462023-02-08 09:42:02.485root 11241100x8000000000000000258760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213902cfe52b1f332023-02-08 09:42:02.984root 11241100x8000000000000000258759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7586d3f4d49a9e2e2023-02-08 09:42:02.984root 11241100x8000000000000000258758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955748794028bc8d2023-02-08 09:42:02.984root 11241100x8000000000000000258757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f212354b4bdd92023-02-08 09:42:02.984root 11241100x8000000000000000258756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d764173f28d8a1b2023-02-08 09:42:02.984root 11241100x8000000000000000258755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42572321a3dadc8c2023-02-08 09:42:02.984root 11241100x8000000000000000258754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2bdc5505501c02023-02-08 09:42:02.984root 11241100x8000000000000000258753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69275827c132b5572023-02-08 09:42:02.984root 11241100x8000000000000000258752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e51085beb36eb02023-02-08 09:42:02.984root 11241100x8000000000000000258761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1256a16c98531f2023-02-08 09:42:02.985root 11241100x8000000000000000258768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe3bcf436b253e2023-02-08 09:42:03.484root 11241100x8000000000000000258767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25c4d9804ed33a12023-02-08 09:42:03.484root 11241100x8000000000000000258766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daf06ed2381c5df2023-02-08 09:42:03.484root 11241100x8000000000000000258765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934f3775b872ae52023-02-08 09:42:03.484root 11241100x8000000000000000258764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b8a13bca4dc432023-02-08 09:42:03.484root 11241100x8000000000000000258763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e37027ca6a7192023-02-08 09:42:03.484root 11241100x8000000000000000258762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b08a9f576eb3f062023-02-08 09:42:03.484root 11241100x8000000000000000258771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f7d88e1d100012023-02-08 09:42:03.485root 11241100x8000000000000000258770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34dec51774b2b5c2023-02-08 09:42:03.485root 11241100x8000000000000000258769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9458e0e0ee2f3fac2023-02-08 09:42:03.485root 11241100x8000000000000000258774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1672934f2ab2072023-02-08 09:42:03.984root 11241100x8000000000000000258773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e05e66c55848a2023-02-08 09:42:03.984root 11241100x8000000000000000258772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f038a350bf7cd02023-02-08 09:42:03.984root 11241100x8000000000000000258780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694cea979d44c1dd2023-02-08 09:42:03.985root 11241100x8000000000000000258779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f010282b1794c4b2023-02-08 09:42:03.985root 11241100x8000000000000000258778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc3e3341f38da0a2023-02-08 09:42:03.985root 11241100x8000000000000000258777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac962e036b44457f2023-02-08 09:42:03.985root 11241100x8000000000000000258776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b03cdd687fc37482023-02-08 09:42:03.985root 11241100x8000000000000000258775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15ceab8480c52f2023-02-08 09:42:03.985root 11241100x8000000000000000258781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bc2a37f17c64982023-02-08 09:42:03.986root 11241100x8000000000000000258787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee1ff471a4cb6442023-02-08 09:42:04.484root 11241100x8000000000000000258786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eee3f9c86ac7f6a2023-02-08 09:42:04.484root 11241100x8000000000000000258785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c985350ca7938f2023-02-08 09:42:04.484root 11241100x8000000000000000258784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526cc1a7381747992023-02-08 09:42:04.484root 11241100x8000000000000000258783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e24cd30a2725f7e2023-02-08 09:42:04.484root 11241100x8000000000000000258782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43dbdbcb78da7062023-02-08 09:42:04.484root 11241100x8000000000000000258791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348de94ee709d9b2023-02-08 09:42:04.485root 11241100x8000000000000000258790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7dd12e0967e892023-02-08 09:42:04.485root 11241100x8000000000000000258789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6d10721d83cc322023-02-08 09:42:04.485root 11241100x8000000000000000258788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e699e5e29710e1f02023-02-08 09:42:04.485root 11241100x8000000000000000258797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06bc531e01c6502023-02-08 09:42:04.984root 11241100x8000000000000000258796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab074d5e3e284e1b2023-02-08 09:42:04.984root 11241100x8000000000000000258795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b18b17a97a33612023-02-08 09:42:04.984root 11241100x8000000000000000258794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccd5a7a8063f902023-02-08 09:42:04.984root 11241100x8000000000000000258793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296c486927c7bde2023-02-08 09:42:04.984root 11241100x8000000000000000258792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f098a0e9329309ed2023-02-08 09:42:04.984root 11241100x8000000000000000258801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73648858d283fd62023-02-08 09:42:04.985root 11241100x8000000000000000258800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e456ac4cb3b526342023-02-08 09:42:04.985root 11241100x8000000000000000258799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ed18fe99d3a1892023-02-08 09:42:04.985root 11241100x8000000000000000258798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b101b6a497c39cb02023-02-08 09:42:04.985root 11241100x8000000000000000258808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e914a2fed8b8882023-02-08 09:42:05.484root 11241100x8000000000000000258807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0417f2a84f27ccee2023-02-08 09:42:05.484root 11241100x8000000000000000258806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d9b645e0d95a72023-02-08 09:42:05.484root 11241100x8000000000000000258805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b007a121541ed3a92023-02-08 09:42:05.484root 11241100x8000000000000000258804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f3de520b8abe92023-02-08 09:42:05.484root 11241100x8000000000000000258803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f5ee362edefb4c2023-02-08 09:42:05.484root 11241100x8000000000000000258802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f49e95701969b52023-02-08 09:42:05.484root 11241100x8000000000000000258811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b736afc77d330742023-02-08 09:42:05.485root 11241100x8000000000000000258810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986179433be29842023-02-08 09:42:05.485root 11241100x8000000000000000258809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2156dc2c848a46ed2023-02-08 09:42:05.485root 11241100x8000000000000000258817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91307b5e4939612b2023-02-08 09:42:05.984root 11241100x8000000000000000258816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb305cb6e0a4852023-02-08 09:42:05.984root 11241100x8000000000000000258815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b441a86e2c3c952023-02-08 09:42:05.984root 11241100x8000000000000000258814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d7311acd26fdd2023-02-08 09:42:05.984root 11241100x8000000000000000258813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf287b435b3130b2023-02-08 09:42:05.984root 11241100x8000000000000000258812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1b4cfd0036be2e2023-02-08 09:42:05.984root 11241100x8000000000000000258821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb96d2834361812023-02-08 09:42:05.985root 11241100x8000000000000000258820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d64c05ac2bd8022023-02-08 09:42:05.985root 11241100x8000000000000000258819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d329d85dfca2abbd2023-02-08 09:42:05.985root 11241100x8000000000000000258818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ab412a38824ab2023-02-08 09:42:05.985root 354300x8000000000000000258822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.071{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59362-false10.0.1.12-8000- 11241100x8000000000000000258823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:42:06.364root 11241100x8000000000000000258833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab17207af28a837d2023-02-08 09:42:06.365root 11241100x8000000000000000258832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15f0867e4e0ea202023-02-08 09:42:06.365root 11241100x8000000000000000258831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65296ec80a3d85832023-02-08 09:42:06.365root 11241100x8000000000000000258830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adab418ed01e960a2023-02-08 09:42:06.365root 11241100x8000000000000000258829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0618f11689c7a372023-02-08 09:42:06.365root 11241100x8000000000000000258828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8ae2c334f5ef262023-02-08 09:42:06.365root 11241100x8000000000000000258827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80931413b47b0b042023-02-08 09:42:06.365root 11241100x8000000000000000258826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13518472a1dcef52023-02-08 09:42:06.365root 11241100x8000000000000000258825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28521233caf0d2922023-02-08 09:42:06.365root 11241100x8000000000000000258824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d001f77bd2772bc12023-02-08 09:42:06.365root 11241100x8000000000000000258835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb824cfd2ef2fd8e2023-02-08 09:42:06.366root 11241100x8000000000000000258834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bac9a7dc5e578a2023-02-08 09:42:06.366root 354300x8000000000000000258836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.704{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-44570-false10.0.1.12-8089- 11241100x8000000000000000258844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b3e25bbb1e8d42023-02-08 09:42:06.706root 11241100x8000000000000000258843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc644bfa527be3d2023-02-08 09:42:06.706root 11241100x8000000000000000258842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d773ad21b876582023-02-08 09:42:06.706root 11241100x8000000000000000258841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703ef79bf93b7d42023-02-08 09:42:06.706root 11241100x8000000000000000258840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc2a20664064b432023-02-08 09:42:06.706root 11241100x8000000000000000258839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaabcad395217e62023-02-08 09:42:06.706root 11241100x8000000000000000258838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a0698cb13f03ea2023-02-08 09:42:06.706root 11241100x8000000000000000258837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5489338118b2b5cc2023-02-08 09:42:06.706root 11241100x8000000000000000258849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9171f785aeb2ff62023-02-08 09:42:06.707root 11241100x8000000000000000258848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b0a983427e8842023-02-08 09:42:06.707root 11241100x8000000000000000258847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee372bbc370ed8492023-02-08 09:42:06.707root 11241100x8000000000000000258846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc099fa6277b9f2023-02-08 09:42:06.707root 11241100x8000000000000000258845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc3763a1beb0002023-02-08 09:42:06.707root 11241100x8000000000000000258855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647fd83f3d8deac2023-02-08 09:42:06.984root 11241100x8000000000000000258854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f885724dcfef7f2023-02-08 09:42:06.984root 11241100x8000000000000000258853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907cb54357e14cac2023-02-08 09:42:06.984root 11241100x8000000000000000258852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ff28b33aef36fe2023-02-08 09:42:06.984root 11241100x8000000000000000258851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b60d1f84ebdb352023-02-08 09:42:06.984root 11241100x8000000000000000258850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb5952e7da49622023-02-08 09:42:06.984root 11241100x8000000000000000258862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd914f73b65afdc92023-02-08 09:42:06.985root 11241100x8000000000000000258861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c0d017d4c017b2023-02-08 09:42:06.985root 11241100x8000000000000000258860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a600f3be173c30c42023-02-08 09:42:06.985root 11241100x8000000000000000258859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b7afd70b671742023-02-08 09:42:06.985root 11241100x8000000000000000258858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf0f8eba5dd80e2023-02-08 09:42:06.985root 11241100x8000000000000000258857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d9381fba1d7aa2023-02-08 09:42:06.985root 11241100x8000000000000000258856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75896aa5bc5a6c72023-02-08 09:42:06.985root 11241100x8000000000000000258865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641881bbcdc07eb2023-02-08 09:42:07.484root 11241100x8000000000000000258864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e64235d04002662023-02-08 09:42:07.484root 11241100x8000000000000000258863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076dd9401c08ee5e2023-02-08 09:42:07.484root 11241100x8000000000000000258870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69e5a6d7a037e22023-02-08 09:42:07.485root 11241100x8000000000000000258869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6493d8c8caee95b42023-02-08 09:42:07.485root 11241100x8000000000000000258868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4a7e211ded93312023-02-08 09:42:07.485root 11241100x8000000000000000258867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455239c7bd6627472023-02-08 09:42:07.485root 11241100x8000000000000000258866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080dcfb0ff3d651a2023-02-08 09:42:07.485root 11241100x8000000000000000258875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fb59625997e172023-02-08 09:42:07.486root 11241100x8000000000000000258874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b8c6839f9a2312023-02-08 09:42:07.486root 11241100x8000000000000000258873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c16d0e067a70a622023-02-08 09:42:07.486root 11241100x8000000000000000258872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f838824b8ae98202023-02-08 09:42:07.486root 11241100x8000000000000000258871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a1cffae2ec3ac92023-02-08 09:42:07.486root 11241100x8000000000000000258876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813570cb8e1144912023-02-08 09:42:07.984root 11241100x8000000000000000258885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b75b12edca0db9b2023-02-08 09:42:07.985root 11241100x8000000000000000258884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4691d5fd8ca09882023-02-08 09:42:07.985root 11241100x8000000000000000258883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f96c72381d57f2023-02-08 09:42:07.985root 11241100x8000000000000000258882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a1c04f995656882023-02-08 09:42:07.985root 11241100x8000000000000000258881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a207fb1f0517a09a2023-02-08 09:42:07.985root 11241100x8000000000000000258880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6258becba3814c2023-02-08 09:42:07.985root 11241100x8000000000000000258879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18397080eae16ef92023-02-08 09:42:07.985root 11241100x8000000000000000258878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241845d0baf33e62023-02-08 09:42:07.985root 11241100x8000000000000000258877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b0fe6b858eb9792023-02-08 09:42:07.985root 11241100x8000000000000000258888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2146b5f82b3d682023-02-08 09:42:07.986root 11241100x8000000000000000258887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4150ed45bfd97f2023-02-08 09:42:07.986root 11241100x8000000000000000258886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78a1ef150c252f2023-02-08 09:42:07.986root 11241100x8000000000000000258895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b61b5aacfe54e662023-02-08 09:42:08.484root 11241100x8000000000000000258894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1d9510f1b5a9d2023-02-08 09:42:08.484root 11241100x8000000000000000258893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2dc172f82112f02023-02-08 09:42:08.484root 11241100x8000000000000000258892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74777a6e75c4f72023-02-08 09:42:08.484root 11241100x8000000000000000258891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27df07cefc64da42023-02-08 09:42:08.484root 11241100x8000000000000000258890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17812287f85e55e2023-02-08 09:42:08.484root 11241100x8000000000000000258889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b10b85e2eb230522023-02-08 09:42:08.484root 11241100x8000000000000000258901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba9a85011240f22023-02-08 09:42:08.485root 11241100x8000000000000000258900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43588b95a6d9f7092023-02-08 09:42:08.485root 11241100x8000000000000000258899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5523a6da4069502023-02-08 09:42:08.485root 11241100x8000000000000000258898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5bf093fa07c9d82023-02-08 09:42:08.485root 11241100x8000000000000000258897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bce88f55f829bb2023-02-08 09:42:08.485root 11241100x8000000000000000258896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23550dd5a30f49d2023-02-08 09:42:08.485root 11241100x8000000000000000258908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c94d0dccc69aca2023-02-08 09:42:08.984root 11241100x8000000000000000258907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda334379d60bdd02023-02-08 09:42:08.984root 11241100x8000000000000000258906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cedfce0bf3baf162023-02-08 09:42:08.984root 11241100x8000000000000000258905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f2d7d1e7509612023-02-08 09:42:08.984root 11241100x8000000000000000258904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aae3db51471da32023-02-08 09:42:08.984root 11241100x8000000000000000258903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e3b80f67b1daf2023-02-08 09:42:08.984root 11241100x8000000000000000258902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aabd479c87482302023-02-08 09:42:08.984root 11241100x8000000000000000258914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969d51532af121172023-02-08 09:42:08.985root 11241100x8000000000000000258913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a04f586f73dc482023-02-08 09:42:08.985root 11241100x8000000000000000258912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94a8a65ff330462023-02-08 09:42:08.985root 11241100x8000000000000000258911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c50ef10500bb2e2023-02-08 09:42:08.985root 11241100x8000000000000000258910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83215c2a5fc3722023-02-08 09:42:08.985root 11241100x8000000000000000258909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d1a971392b72d2023-02-08 09:42:08.985root 23542300x8000000000000000258915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000258919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12380c743de271ca2023-02-08 09:42:09.366root 11241100x8000000000000000258918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6268a5794c6dcdc72023-02-08 09:42:09.366root 11241100x8000000000000000258917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af509ac6e2f9e7762023-02-08 09:42:09.366root 11241100x8000000000000000258916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcb239df0593ea52023-02-08 09:42:09.366root 11241100x8000000000000000258925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d897bc28ed76db852023-02-08 09:42:09.367root 11241100x8000000000000000258924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34780367849759322023-02-08 09:42:09.367root 11241100x8000000000000000258923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9968a420c9ecb12023-02-08 09:42:09.367root 11241100x8000000000000000258922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddeb12623d85d002023-02-08 09:42:09.367root 11241100x8000000000000000258921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b393b32de315d6c2023-02-08 09:42:09.367root 11241100x8000000000000000258920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c7bda9f4fa9c0a2023-02-08 09:42:09.367root 11241100x8000000000000000258930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fce93d832b7ca02023-02-08 09:42:09.368root 11241100x8000000000000000258929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c205cc9a292f9b652023-02-08 09:42:09.368root 11241100x8000000000000000258928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145dfacc60a0e8252023-02-08 09:42:09.368root 11241100x8000000000000000258927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ea5edcfaf13ab2023-02-08 09:42:09.368root 11241100x8000000000000000258926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd25164aa9550bba2023-02-08 09:42:09.368root 11241100x8000000000000000258933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab55052aea3543e2023-02-08 09:42:09.734root 11241100x8000000000000000258932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a648ce10434462023-02-08 09:42:09.734root 11241100x8000000000000000258931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fd05da705dc9672023-02-08 09:42:09.734root 11241100x8000000000000000258936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c34f9bb937e8fde2023-02-08 09:42:09.735root 11241100x8000000000000000258935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1091f623973c7b402023-02-08 09:42:09.735root 11241100x8000000000000000258934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e10758f0386552023-02-08 09:42:09.735root 11241100x8000000000000000258941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abdcce46fa71122023-02-08 09:42:09.736root 11241100x8000000000000000258940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2195a267c7e1256a2023-02-08 09:42:09.736root 11241100x8000000000000000258939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11a655cbaf6dd352023-02-08 09:42:09.736root 11241100x8000000000000000258938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35004df8739124392023-02-08 09:42:09.736root 11241100x8000000000000000258937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b507ddc0e94af22023-02-08 09:42:09.736root 11241100x8000000000000000258944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899b490af1977552023-02-08 09:42:09.737root 11241100x8000000000000000258943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86303eabd7ba4bf2023-02-08 09:42:09.737root 11241100x8000000000000000258942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002a881173b299282023-02-08 09:42:09.737root 11241100x8000000000000000258949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f55001f421407932023-02-08 09:42:10.234root 11241100x8000000000000000258948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c9f96e9c2bdc612023-02-08 09:42:10.234root 11241100x8000000000000000258947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7540808cf05ee8f92023-02-08 09:42:10.234root 11241100x8000000000000000258946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41758fbada37ec2e2023-02-08 09:42:10.234root 11241100x8000000000000000258945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c11ccb408d31732023-02-08 09:42:10.234root 11241100x8000000000000000258958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c89c897fb01e22023-02-08 09:42:10.235root 11241100x8000000000000000258957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b490393b5c4b86be2023-02-08 09:42:10.235root 11241100x8000000000000000258956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0299dc10b864f91f2023-02-08 09:42:10.235root 11241100x8000000000000000258955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb06beee4a38d962023-02-08 09:42:10.235root 11241100x8000000000000000258954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5df0a09ec4099c22023-02-08 09:42:10.235root 11241100x8000000000000000258953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140dd554a6569242023-02-08 09:42:10.235root 11241100x8000000000000000258952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35362042dd61f4922023-02-08 09:42:10.235root 11241100x8000000000000000258951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b7c5da686be4a2023-02-08 09:42:10.235root 11241100x8000000000000000258950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f910000084a7712023-02-08 09:42:10.235root 11241100x8000000000000000258959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69795930148c7fb2023-02-08 09:42:10.734root 11241100x8000000000000000258963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f122af15df547f92023-02-08 09:42:10.735root 11241100x8000000000000000258962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7507208ac58f3f172023-02-08 09:42:10.735root 11241100x8000000000000000258961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453c3aa980868ace2023-02-08 09:42:10.735root 11241100x8000000000000000258960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908f23349d9ecdaa2023-02-08 09:42:10.735root 11241100x8000000000000000258972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42c237ffe945e22023-02-08 09:42:10.736root 11241100x8000000000000000258971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4729ff6b9787132023-02-08 09:42:10.736root 11241100x8000000000000000258970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f7f3644989759e2023-02-08 09:42:10.736root 11241100x8000000000000000258969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b49583db3c4e02023-02-08 09:42:10.736root 11241100x8000000000000000258968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28194241d8a2818b2023-02-08 09:42:10.736root 11241100x8000000000000000258967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf7047b3560be392023-02-08 09:42:10.736root 11241100x8000000000000000258966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74257f905fe7c162023-02-08 09:42:10.736root 11241100x8000000000000000258965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b444db8a8480ac02023-02-08 09:42:10.736root 11241100x8000000000000000258964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb69734c4bcaa8f2023-02-08 09:42:10.736root 354300x8000000000000000258973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.171{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39902-false10.0.1.12-8000- 11241100x8000000000000000258977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307f28cc560764a2023-02-08 09:42:11.172root 11241100x8000000000000000258976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fdcb6eeeadf8132023-02-08 09:42:11.172root 11241100x8000000000000000258975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d7570d73ae05d2023-02-08 09:42:11.172root 11241100x8000000000000000258974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a6f245156c2652023-02-08 09:42:11.172root 11241100x8000000000000000258986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6575aecb9caf18df2023-02-08 09:42:11.173root 11241100x8000000000000000258985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c02e0f42acc622023-02-08 09:42:11.173root 11241100x8000000000000000258984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588eb960942cb2782023-02-08 09:42:11.173root 11241100x8000000000000000258983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84dcfce904e57e02023-02-08 09:42:11.173root 11241100x8000000000000000258982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e286896f70e9df2023-02-08 09:42:11.173root 11241100x8000000000000000258981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfb9861a113def52023-02-08 09:42:11.173root 11241100x8000000000000000258980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef663723395beb62023-02-08 09:42:11.173root 11241100x8000000000000000258979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d889ca1a25b3e0df2023-02-08 09:42:11.173root 11241100x8000000000000000258978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13ab4a6ccea75982023-02-08 09:42:11.173root 11241100x8000000000000000258995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75301601a646143c2023-02-08 09:42:11.174root 11241100x8000000000000000258994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de0f56d51365012023-02-08 09:42:11.174root 11241100x8000000000000000258993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407d6e6b6d5d4c902023-02-08 09:42:11.174root 11241100x8000000000000000258992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f89c154c757a42023-02-08 09:42:11.174root 11241100x8000000000000000258991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4787b9c9b1d4700f2023-02-08 09:42:11.174root 11241100x8000000000000000258990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3550aa5d2f1cf53f2023-02-08 09:42:11.174root 11241100x8000000000000000258989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5844a59ffb078fc32023-02-08 09:42:11.174root 11241100x8000000000000000258988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1f1b66bd0d2ae52023-02-08 09:42:11.174root 11241100x8000000000000000258987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda2bfd1092baaa2023-02-08 09:42:11.174root 11241100x8000000000000000259001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b9bc2355e09962023-02-08 09:42:11.175root 11241100x8000000000000000259000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44886d40e88af0642023-02-08 09:42:11.175root 11241100x8000000000000000258999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8703c6e3a07892023-02-08 09:42:11.175root 11241100x8000000000000000258998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7add7fb164479822023-02-08 09:42:11.175root 11241100x8000000000000000258997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9112475d82c6b2023-02-08 09:42:11.175root 11241100x8000000000000000258996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa152ac24f027fa52023-02-08 09:42:11.175root 11241100x8000000000000000259003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.176{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e2ac133d7244e52023-02-08 09:42:11.176root 11241100x8000000000000000259002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.176{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0bdabe4c5883182023-02-08 09:42:11.176root 11241100x8000000000000000259012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c0ea771b9ee3662023-02-08 09:42:11.484root 11241100x8000000000000000259011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45675dbd7faca77b2023-02-08 09:42:11.484root 11241100x8000000000000000259010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead30c61136892842023-02-08 09:42:11.484root 11241100x8000000000000000259009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f3019b4ecef7722023-02-08 09:42:11.484root 11241100x8000000000000000259008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ab4ddec3558c42023-02-08 09:42:11.484root 11241100x8000000000000000259007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e58866d52349ad62023-02-08 09:42:11.484root 11241100x8000000000000000259006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85005823b3926b962023-02-08 09:42:11.484root 11241100x8000000000000000259005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9809f84f29dd62023-02-08 09:42:11.484root 11241100x8000000000000000259004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c0357ce0bea552023-02-08 09:42:11.484root 11241100x8000000000000000259018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1977a8f2ad2c082023-02-08 09:42:11.485root 11241100x8000000000000000259017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac8cd2b8cbe26b2023-02-08 09:42:11.485root 11241100x8000000000000000259016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fc4093bc6f57da2023-02-08 09:42:11.485root 11241100x8000000000000000259015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6248f92ebfa97a22023-02-08 09:42:11.485root 11241100x8000000000000000259014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae155893e00a0132023-02-08 09:42:11.485root 11241100x8000000000000000259013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2356fe00b017202023-02-08 09:42:11.485root 11241100x8000000000000000259027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec783025b76f2ba2023-02-08 09:42:11.984root 11241100x8000000000000000259026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632cb4aa1dc437bb2023-02-08 09:42:11.984root 11241100x8000000000000000259025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4d6784b57c50c62023-02-08 09:42:11.984root 11241100x8000000000000000259024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4dc700911239662023-02-08 09:42:11.984root 11241100x8000000000000000259023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66bc409aee6c5c02023-02-08 09:42:11.984root 11241100x8000000000000000259022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54e0af381f0d9a2023-02-08 09:42:11.984root 11241100x8000000000000000259021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297960aab2606c052023-02-08 09:42:11.984root 11241100x8000000000000000259020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1059c28317087292023-02-08 09:42:11.984root 11241100x8000000000000000259019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264365b7c277846a2023-02-08 09:42:11.984root 11241100x8000000000000000259033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0295e5a2d1baa2023-02-08 09:42:11.985root 11241100x8000000000000000259032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7687976c1950512023-02-08 09:42:11.985root 11241100x8000000000000000259031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e99f9c1f5e30b1b2023-02-08 09:42:11.985root 11241100x8000000000000000259030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321ecd169cf4ce32023-02-08 09:42:11.985root 11241100x8000000000000000259029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512ecfb8fc7e41a12023-02-08 09:42:11.985root 11241100x8000000000000000259028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7fdead49d733c92023-02-08 09:42:11.985root 11241100x8000000000000000259044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9764faa02fefad32023-02-08 09:42:12.484root 11241100x8000000000000000259043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fe10f574ea02702023-02-08 09:42:12.484root 11241100x8000000000000000259042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295e542152b551e2023-02-08 09:42:12.484root 11241100x8000000000000000259041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6450b6d6cfdb172023-02-08 09:42:12.484root 11241100x8000000000000000259040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1a047bb6ebd8e2023-02-08 09:42:12.484root 11241100x8000000000000000259039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe527a94cef9726d2023-02-08 09:42:12.484root 11241100x8000000000000000259038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d898a0cb5f26442023-02-08 09:42:12.484root 11241100x8000000000000000259037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9251d100897b272023-02-08 09:42:12.484root 11241100x8000000000000000259036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43618df41c59bb362023-02-08 09:42:12.484root 11241100x8000000000000000259035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8b025dda2bd962023-02-08 09:42:12.484root 11241100x8000000000000000259034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dcb0b4e60f357b2023-02-08 09:42:12.484root 11241100x8000000000000000259048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34fb5622e3450632023-02-08 09:42:12.485root 11241100x8000000000000000259047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e694943c5243bd522023-02-08 09:42:12.485root 11241100x8000000000000000259046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef337f3f4f3afd2023-02-08 09:42:12.485root 11241100x8000000000000000259045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ea06da72f8a832023-02-08 09:42:12.485root 11241100x8000000000000000259053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ef998907c9691b2023-02-08 09:42:12.984root 11241100x8000000000000000259052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da929cf48fc86922023-02-08 09:42:12.984root 11241100x8000000000000000259051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf392e8d394c25e2023-02-08 09:42:12.984root 11241100x8000000000000000259050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3486364257dcc8a22023-02-08 09:42:12.984root 11241100x8000000000000000259049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a75e8194efd682023-02-08 09:42:12.984root 11241100x8000000000000000259063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faabe34268e6f8e02023-02-08 09:42:12.985root 11241100x8000000000000000259062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a198bdda4591952023-02-08 09:42:12.985root 11241100x8000000000000000259061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e919ff738adc612023-02-08 09:42:12.985root 11241100x8000000000000000259060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f53752eac8024a2023-02-08 09:42:12.985root 11241100x8000000000000000259059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad0bfb8ec8ff972023-02-08 09:42:12.985root 11241100x8000000000000000259058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad09960c8dc1562023-02-08 09:42:12.985root 11241100x8000000000000000259057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b19224ce14afd22023-02-08 09:42:12.985root 11241100x8000000000000000259056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72998f08d241c952023-02-08 09:42:12.985root 11241100x8000000000000000259055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e901623aefb2afff2023-02-08 09:42:12.985root 11241100x8000000000000000259054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e938f84cec0aff712023-02-08 09:42:12.985root 11241100x8000000000000000259067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795575366fa2e022023-02-08 09:42:13.484root 11241100x8000000000000000259066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc04be3564be03b2023-02-08 09:42:13.484root 11241100x8000000000000000259065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5c363629c909842023-02-08 09:42:13.484root 11241100x8000000000000000259064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a3016d98d8d892023-02-08 09:42:13.484root 11241100x8000000000000000259075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0f1bba959e3f32023-02-08 09:42:13.485root 11241100x8000000000000000259074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86eac2b6accdb782023-02-08 09:42:13.485root 11241100x8000000000000000259073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3c28109a0381972023-02-08 09:42:13.485root 11241100x8000000000000000259072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c347f1bb5875b0d2023-02-08 09:42:13.485root 11241100x8000000000000000259071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56891f11aa912d732023-02-08 09:42:13.485root 11241100x8000000000000000259070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f650e8ae07fc4c2023-02-08 09:42:13.485root 11241100x8000000000000000259069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dda3ef897386742023-02-08 09:42:13.485root 11241100x8000000000000000259068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41daf1d1a7ee5cbf2023-02-08 09:42:13.485root 11241100x8000000000000000259078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0952c07781e678f22023-02-08 09:42:13.486root 11241100x8000000000000000259077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c1f8b33bb6bcc2023-02-08 09:42:13.486root 11241100x8000000000000000259076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60780cdc81d2c0722023-02-08 09:42:13.486root 11241100x8000000000000000259079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9410990f049b3f982023-02-08 09:42:13.984root 11241100x8000000000000000259086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eaf3392bcec7282023-02-08 09:42:13.985root 11241100x8000000000000000259085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3982e9c2bf05e72023-02-08 09:42:13.985root 11241100x8000000000000000259084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f31040442d188f2023-02-08 09:42:13.985root 11241100x8000000000000000259083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf88e2ec6e543902023-02-08 09:42:13.985root 11241100x8000000000000000259082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba913e06ab76c212023-02-08 09:42:13.985root 11241100x8000000000000000259081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3739c2e190bb1152023-02-08 09:42:13.985root 11241100x8000000000000000259080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06bd076f60b56f42023-02-08 09:42:13.985root 11241100x8000000000000000259093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3135517465d43792023-02-08 09:42:13.986root 11241100x8000000000000000259092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cc628f9a183cd82023-02-08 09:42:13.986root 11241100x8000000000000000259091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6b9d5f0a8d8e172023-02-08 09:42:13.986root 11241100x8000000000000000259090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e5844fcc2efffe2023-02-08 09:42:13.986root 11241100x8000000000000000259089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121610d80978ce202023-02-08 09:42:13.986root 11241100x8000000000000000259088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4a146b910f2c362023-02-08 09:42:13.986root 11241100x8000000000000000259087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9672fe2eaac442023-02-08 09:42:13.986root 11241100x8000000000000000259096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b3bce5d12b0a72023-02-08 09:42:14.484root 11241100x8000000000000000259095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc13f23eeaf78472023-02-08 09:42:14.484root 11241100x8000000000000000259094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9656d43e757147c92023-02-08 09:42:14.484root 11241100x8000000000000000259099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1332c6fb31e9a5552023-02-08 09:42:14.485root 11241100x8000000000000000259098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95314c90a3f5fea2023-02-08 09:42:14.485root 11241100x8000000000000000259097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff57326d7b80f772023-02-08 09:42:14.485root 11241100x8000000000000000259103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9115957f3bfdca2023-02-08 09:42:14.487root 11241100x8000000000000000259102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61048528acecab5e2023-02-08 09:42:14.487root 11241100x8000000000000000259101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8806d327720fe4d72023-02-08 09:42:14.487root 11241100x8000000000000000259100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8359290a0c6ef21d2023-02-08 09:42:14.487root 11241100x8000000000000000259107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b577d9ddd0f743d82023-02-08 09:42:14.488root 11241100x8000000000000000259106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63172b220bf23ea2023-02-08 09:42:14.488root 11241100x8000000000000000259105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7ef84a55c669ba2023-02-08 09:42:14.488root 11241100x8000000000000000259104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c8d89001ba80a2023-02-08 09:42:14.488root 11241100x8000000000000000259108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e979799f892917ad2023-02-08 09:42:14.489root 11241100x8000000000000000259112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf95c3ec172f792023-02-08 09:42:14.984root 11241100x8000000000000000259111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bb21e81d598b62023-02-08 09:42:14.984root 11241100x8000000000000000259110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636388e183a415762023-02-08 09:42:14.984root 11241100x8000000000000000259109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a15c45d5db6d82023-02-08 09:42:14.984root 11241100x8000000000000000259118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c7de88bae8d3bb2023-02-08 09:42:14.985root 11241100x8000000000000000259117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ccbeef74a2a28a2023-02-08 09:42:14.985root 11241100x8000000000000000259116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59463b86cab689402023-02-08 09:42:14.985root 11241100x8000000000000000259115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d475a54701aac5d2023-02-08 09:42:14.985root 11241100x8000000000000000259114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ac950d3c424bc12023-02-08 09:42:14.985root 11241100x8000000000000000259113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae8c0284a57e1fa2023-02-08 09:42:14.985root 11241100x8000000000000000259121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2be46cd76a11c72023-02-08 09:42:14.986root 11241100x8000000000000000259120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d07047d68465d2023-02-08 09:42:14.986root 11241100x8000000000000000259119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b3783f8e90544f2023-02-08 09:42:14.986root 11241100x8000000000000000259123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb8734847e591572023-02-08 09:42:14.987root 11241100x8000000000000000259122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea4b30529146472023-02-08 09:42:14.987root 11241100x8000000000000000259126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e49c20e3f841f2023-02-08 09:42:15.484root 11241100x8000000000000000259125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2439bbc53b1b742023-02-08 09:42:15.484root 11241100x8000000000000000259124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8034fb5bee28ad4f2023-02-08 09:42:15.484root 11241100x8000000000000000259134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3164bddc3371c92023-02-08 09:42:15.485root 11241100x8000000000000000259133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa01d5fd08b0aff72023-02-08 09:42:15.485root 11241100x8000000000000000259132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397c58949de61722023-02-08 09:42:15.485root 11241100x8000000000000000259131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d23ec6e8e9bc6d2023-02-08 09:42:15.485root 11241100x8000000000000000259130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839854f6fd1efce42023-02-08 09:42:15.485root 11241100x8000000000000000259129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7a83a9412713832023-02-08 09:42:15.485root 11241100x8000000000000000259128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59cf09f8a1237782023-02-08 09:42:15.485root 11241100x8000000000000000259127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbac8603eec34e0e2023-02-08 09:42:15.485root 11241100x8000000000000000259138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dc2b0fb72dd2e52023-02-08 09:42:15.486root 11241100x8000000000000000259137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a94fc04de4658c2023-02-08 09:42:15.486root 11241100x8000000000000000259136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf43e0b35478fa2023-02-08 09:42:15.486root 11241100x8000000000000000259135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdeef2992520f9e2023-02-08 09:42:15.486root 11241100x8000000000000000259147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bbcab6389e74792023-02-08 09:42:15.984root 11241100x8000000000000000259146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984408fe2d156ae72023-02-08 09:42:15.984root 11241100x8000000000000000259145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b6d40f9fd3e4d82023-02-08 09:42:15.984root 11241100x8000000000000000259144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a897ff6340830c2023-02-08 09:42:15.984root 11241100x8000000000000000259143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baa62cd59037bb22023-02-08 09:42:15.984root 11241100x8000000000000000259142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66d1ae48128780d2023-02-08 09:42:15.984root 11241100x8000000000000000259141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7eb31ad7fb02c82023-02-08 09:42:15.984root 11241100x8000000000000000259140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63133d4d7eb936b72023-02-08 09:42:15.984root 11241100x8000000000000000259139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686221ca97279e12023-02-08 09:42:15.984root 11241100x8000000000000000259153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120f41c55ae4514d2023-02-08 09:42:15.985root 11241100x8000000000000000259152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298eaf709b0e8032023-02-08 09:42:15.985root 11241100x8000000000000000259151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac89495e871ea94e2023-02-08 09:42:15.985root 11241100x8000000000000000259150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311671a38b408ca2023-02-08 09:42:15.985root 11241100x8000000000000000259149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ce5b1758f3c5a2023-02-08 09:42:15.985root 11241100x8000000000000000259148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68235b15e563c65f2023-02-08 09:42:15.985root 354300x8000000000000000259154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.214{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39912-false10.0.1.12-8000- 11241100x8000000000000000259157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0af78f9444a6b682023-02-08 09:42:16.484root 11241100x8000000000000000259156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9396eaeab8278e2023-02-08 09:42:16.484root 11241100x8000000000000000259155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f775c2c61a7262023-02-08 09:42:16.484root 11241100x8000000000000000259167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d924eafa46936eb2023-02-08 09:42:16.485root 11241100x8000000000000000259166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8caf7446f5ddc332023-02-08 09:42:16.485root 11241100x8000000000000000259165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6635c49d63fec52023-02-08 09:42:16.485root 11241100x8000000000000000259164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158a9376d2a280f42023-02-08 09:42:16.485root 11241100x8000000000000000259163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5fe870dd9027662023-02-08 09:42:16.485root 11241100x8000000000000000259162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d873ebc8e3be73132023-02-08 09:42:16.485root 11241100x8000000000000000259161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bcb7db27f9d852023-02-08 09:42:16.485root 11241100x8000000000000000259160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83848e31d7dfc29e2023-02-08 09:42:16.485root 11241100x8000000000000000259159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ad4ed26fc435d82023-02-08 09:42:16.485root 11241100x8000000000000000259158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52324eb0a2803b3b2023-02-08 09:42:16.485root 11241100x8000000000000000259170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73523617847c4aad2023-02-08 09:42:16.486root 11241100x8000000000000000259169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10f13aeafee4a7c2023-02-08 09:42:16.486root 11241100x8000000000000000259168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb687b338c147d92023-02-08 09:42:16.486root 11241100x8000000000000000259174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f09b378bc418f2023-02-08 09:42:16.984root 11241100x8000000000000000259173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d0ad020d82b8f82023-02-08 09:42:16.984root 11241100x8000000000000000259172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbeb8483a9f2f0a2023-02-08 09:42:16.984root 11241100x8000000000000000259171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69cffbdd326534c2023-02-08 09:42:16.984root 11241100x8000000000000000259181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229e8e4332568e92023-02-08 09:42:16.985root 11241100x8000000000000000259180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e5753d902865f82023-02-08 09:42:16.985root 11241100x8000000000000000259179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970a5efdf1a4f0b22023-02-08 09:42:16.985root 11241100x8000000000000000259178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2dfa97b73629542023-02-08 09:42:16.985root 11241100x8000000000000000259177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680daf9ca26575632023-02-08 09:42:16.985root 11241100x8000000000000000259176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75902866b8fbd86a2023-02-08 09:42:16.985root 11241100x8000000000000000259175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf85cb9cc416d6df2023-02-08 09:42:16.985root 11241100x8000000000000000259186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7a16d59c962742023-02-08 09:42:16.986root 11241100x8000000000000000259185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da865b8d0700b0e82023-02-08 09:42:16.986root 11241100x8000000000000000259184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77d53793197f9ce2023-02-08 09:42:16.986root 11241100x8000000000000000259183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7444144ebe02258d2023-02-08 09:42:16.986root 11241100x8000000000000000259182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7bbaf363fe48772023-02-08 09:42:16.986root 11241100x8000000000000000259190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1560cb0e1eea0882023-02-08 09:42:17.484root 11241100x8000000000000000259189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb89e669ad2c492023-02-08 09:42:17.484root 11241100x8000000000000000259188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ee6a22a9344cd2023-02-08 09:42:17.484root 11241100x8000000000000000259187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd14b830834b98c82023-02-08 09:42:17.484root 11241100x8000000000000000259197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ab683d144a7cbf2023-02-08 09:42:17.485root 11241100x8000000000000000259196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267de1ec377553d22023-02-08 09:42:17.485root 11241100x8000000000000000259195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb400db68a66ace2023-02-08 09:42:17.485root 11241100x8000000000000000259194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba05abefd6922992023-02-08 09:42:17.485root 11241100x8000000000000000259193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297b5532790dd702023-02-08 09:42:17.485root 11241100x8000000000000000259192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190778ce4022ef392023-02-08 09:42:17.485root 11241100x8000000000000000259191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf7fdf94bf094cf2023-02-08 09:42:17.485root 11241100x8000000000000000259200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c13a766436668a2023-02-08 09:42:17.486root 11241100x8000000000000000259199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312df3d7427436e62023-02-08 09:42:17.486root 11241100x8000000000000000259198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d78b3317f18e8142023-02-08 09:42:17.486root 11241100x8000000000000000259202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b89f804650c912023-02-08 09:42:17.487root 11241100x8000000000000000259201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d7b7c479a3619f2023-02-08 09:42:17.487root 11241100x8000000000000000259204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5304666d9c5397bc2023-02-08 09:42:17.984root 11241100x8000000000000000259203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5d05c5779918c2023-02-08 09:42:17.984root 11241100x8000000000000000259210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7c044b32c8d5f2023-02-08 09:42:17.985root 11241100x8000000000000000259209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0203b8cab8991582023-02-08 09:42:17.985root 11241100x8000000000000000259208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6646e1d0fc1ca8d82023-02-08 09:42:17.985root 11241100x8000000000000000259207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49113018771c3d2023-02-08 09:42:17.985root 11241100x8000000000000000259206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b39526b8b78214a2023-02-08 09:42:17.985root 11241100x8000000000000000259205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef289de12bf8692023-02-08 09:42:17.985root 11241100x8000000000000000259218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdea8ca110834392023-02-08 09:42:17.986root 11241100x8000000000000000259217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1862b195a874db372023-02-08 09:42:17.986root 11241100x8000000000000000259216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62368e79bcc809e12023-02-08 09:42:17.986root 11241100x8000000000000000259215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ae8b31694f85e2023-02-08 09:42:17.986root 11241100x8000000000000000259214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb0472ca6d817112023-02-08 09:42:17.986root 11241100x8000000000000000259213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df738cec178d26a2023-02-08 09:42:17.986root 11241100x8000000000000000259212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e813be43f23c66db2023-02-08 09:42:17.986root 11241100x8000000000000000259211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eb09b8c7b863fc2023-02-08 09:42:17.986root 11241100x8000000000000000259225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551e716b89cb7ec2023-02-08 09:42:18.484root 11241100x8000000000000000259224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8477c36bd9ac3fe82023-02-08 09:42:18.484root 11241100x8000000000000000259223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca8c730992c63442023-02-08 09:42:18.484root 11241100x8000000000000000259222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8352fcc1e7300c42023-02-08 09:42:18.484root 11241100x8000000000000000259221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad4efa734b897bb2023-02-08 09:42:18.484root 11241100x8000000000000000259220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9e6ee329f6e2b02023-02-08 09:42:18.484root 11241100x8000000000000000259219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389a994c700d67372023-02-08 09:42:18.484root 11241100x8000000000000000259231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22f72bfed10239b2023-02-08 09:42:18.485root 11241100x8000000000000000259230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5fafabcbab1992023-02-08 09:42:18.485root 11241100x8000000000000000259229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e91048f08eebd2023-02-08 09:42:18.485root 11241100x8000000000000000259228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d677a1f77861a2023-02-08 09:42:18.485root 11241100x8000000000000000259227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0fe9711e87f4582023-02-08 09:42:18.485root 11241100x8000000000000000259226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b312e113d3916ed2023-02-08 09:42:18.485root 11241100x8000000000000000259234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301bf108fe210cb92023-02-08 09:42:18.486root 11241100x8000000000000000259233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ff5f6fa3cc331d2023-02-08 09:42:18.486root 11241100x8000000000000000259232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e12d705736578f72023-02-08 09:42:18.486root 11241100x8000000000000000259238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e4405dc98f6102023-02-08 09:42:18.984root 11241100x8000000000000000259237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220239862efc984d2023-02-08 09:42:18.984root 11241100x8000000000000000259236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1ff2dd82a83d12023-02-08 09:42:18.984root 11241100x8000000000000000259235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5215b713e1b2f2023-02-08 09:42:18.984root 11241100x8000000000000000259246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d459386a4d957a42023-02-08 09:42:18.985root 11241100x8000000000000000259245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfad01ac75ef8fb02023-02-08 09:42:18.985root 11241100x8000000000000000259244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900265fd4b12cfc22023-02-08 09:42:18.985root 11241100x8000000000000000259243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592faa640d1b0a122023-02-08 09:42:18.985root 11241100x8000000000000000259242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaddd78055aa2fb2023-02-08 09:42:18.985root 11241100x8000000000000000259241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416a68bb4ec04432023-02-08 09:42:18.985root 11241100x8000000000000000259240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2b3789d080d1d2023-02-08 09:42:18.985root 11241100x8000000000000000259239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610c4f198818ead62023-02-08 09:42:18.985root 11241100x8000000000000000259250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddbf0d92fbb038e2023-02-08 09:42:18.986root 11241100x8000000000000000259249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e310bb1462d8b92023-02-08 09:42:18.986root 11241100x8000000000000000259248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca19a2aa7076302023-02-08 09:42:18.986root 11241100x8000000000000000259247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc423c6ae6744e2023-02-08 09:42:18.986root 11241100x8000000000000000259253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6f05db564750932023-02-08 09:42:19.484root 11241100x8000000000000000259252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2719a9cf36586ce2023-02-08 09:42:19.484root 11241100x8000000000000000259251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a47700b011d4bf2023-02-08 09:42:19.484root 11241100x8000000000000000259260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ae4a7ddc38a272023-02-08 09:42:19.485root 11241100x8000000000000000259259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900517820fff59a22023-02-08 09:42:19.485root 11241100x8000000000000000259258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a8c65a5fd569a72023-02-08 09:42:19.485root 11241100x8000000000000000259257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73391c394ffddd932023-02-08 09:42:19.485root 11241100x8000000000000000259256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804a4eaa9cb10082023-02-08 09:42:19.485root 11241100x8000000000000000259255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebf380e6bbfc3ca2023-02-08 09:42:19.485root 11241100x8000000000000000259254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d102d21d124ac02023-02-08 09:42:19.485root 11241100x8000000000000000259266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dde7451b7b459cd2023-02-08 09:42:19.486root 11241100x8000000000000000259265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca72912bcf42042023-02-08 09:42:19.486root 11241100x8000000000000000259264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0040d47d3c9cd2023-02-08 09:42:19.486root 11241100x8000000000000000259263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a588dba5291064ab2023-02-08 09:42:19.486root 11241100x8000000000000000259262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f43cdbe3074b82023-02-08 09:42:19.486root 11241100x8000000000000000259261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb398d60b6498a2023-02-08 09:42:19.486root 11241100x8000000000000000259267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17de4b41ee724992023-02-08 09:42:19.984root 11241100x8000000000000000259272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95fdb2cc02386612023-02-08 09:42:19.985root 11241100x8000000000000000259271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d6140e67363fe02023-02-08 09:42:19.985root 11241100x8000000000000000259270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82a84cbe955e2e2023-02-08 09:42:19.985root 11241100x8000000000000000259269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe58e664f585a92023-02-08 09:42:19.985root 11241100x8000000000000000259268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9c66b12a174782023-02-08 09:42:19.985root 11241100x8000000000000000259277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839c433243649bf72023-02-08 09:42:19.986root 11241100x8000000000000000259276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7d2554c578c3e2023-02-08 09:42:19.986root 11241100x8000000000000000259275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b50af53bd10582023-02-08 09:42:19.986root 11241100x8000000000000000259274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189f9f6559e21fa62023-02-08 09:42:19.986root 11241100x8000000000000000259273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16fc20545d71b5a2023-02-08 09:42:19.986root 11241100x8000000000000000259282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a508fa7ada959772023-02-08 09:42:19.987root 11241100x8000000000000000259281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7826c06046266a2023-02-08 09:42:19.987root 11241100x8000000000000000259280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adad83cf36a673fd2023-02-08 09:42:19.987root 11241100x8000000000000000259279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413ad8e42ccb40f2023-02-08 09:42:19.987root 11241100x8000000000000000259278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3429d98d72c37ac2023-02-08 09:42:19.987root 11241100x8000000000000000259288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361180064f54a1bd2023-02-08 09:42:20.484root 11241100x8000000000000000259287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c63e6a6566a892023-02-08 09:42:20.484root 11241100x8000000000000000259286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0b111895f3c1142023-02-08 09:42:20.484root 11241100x8000000000000000259285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931815eba3de44152023-02-08 09:42:20.484root 11241100x8000000000000000259284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d7199ad82a3072023-02-08 09:42:20.484root 11241100x8000000000000000259283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d806f49cbcbf8d2023-02-08 09:42:20.484root 11241100x8000000000000000259297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544f73c639758ee62023-02-08 09:42:20.485root 11241100x8000000000000000259296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6db8d5c56329242023-02-08 09:42:20.485root 11241100x8000000000000000259295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31b3cc5c6bd3c02023-02-08 09:42:20.485root 11241100x8000000000000000259294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc35e3f88c0b2fcb2023-02-08 09:42:20.485root 11241100x8000000000000000259293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4e475abf670c12023-02-08 09:42:20.485root 11241100x8000000000000000259292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6085ed3510470d2023-02-08 09:42:20.485root 11241100x8000000000000000259291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d137e2eccab444d22023-02-08 09:42:20.485root 11241100x8000000000000000259290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88f524d9785da42023-02-08 09:42:20.485root 11241100x8000000000000000259289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471d980114636e82023-02-08 09:42:20.485root 11241100x8000000000000000259298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74f320fcc7e8922023-02-08 09:42:20.486root 11241100x8000000000000000259299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a2325b3c6de912023-02-08 09:42:20.984root 11241100x8000000000000000259303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0ee7fd4b5c077a2023-02-08 09:42:20.985root 11241100x8000000000000000259302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805996d94178093a2023-02-08 09:42:20.985root 11241100x8000000000000000259301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771bd2a6bd2b8d62023-02-08 09:42:20.985root 11241100x8000000000000000259300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa626d95738a8682023-02-08 09:42:20.985root 11241100x8000000000000000259309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc80310f1057f7c2023-02-08 09:42:20.986root 11241100x8000000000000000259308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf241cfb397a7b42023-02-08 09:42:20.986root 11241100x8000000000000000259307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b63600cf29c1e92023-02-08 09:42:20.986root 11241100x8000000000000000259306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f8b7a2f8799d7c2023-02-08 09:42:20.986root 11241100x8000000000000000259305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4722cb84edfb1b32023-02-08 09:42:20.986root 11241100x8000000000000000259304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ca21cd2c483de2023-02-08 09:42:20.986root 11241100x8000000000000000259314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35ea5f1448b6222023-02-08 09:42:20.987root 11241100x8000000000000000259313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412a01d663727052023-02-08 09:42:20.987root 11241100x8000000000000000259312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45941c642d9161722023-02-08 09:42:20.987root 11241100x8000000000000000259311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0947e201037e752023-02-08 09:42:20.987root 11241100x8000000000000000259310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec2c669eefa1622023-02-08 09:42:20.987root 11241100x8000000000000000259322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c354dc63a34574f42023-02-08 09:42:21.484root 11241100x8000000000000000259321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fcb79bdbb4971d2023-02-08 09:42:21.484root 11241100x8000000000000000259320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f126d852a1857cb82023-02-08 09:42:21.484root 11241100x8000000000000000259319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ad2b5e4173ce62023-02-08 09:42:21.484root 11241100x8000000000000000259318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f75ef58b7523a42023-02-08 09:42:21.484root 11241100x8000000000000000259317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200354f8d8f1cef02023-02-08 09:42:21.484root 11241100x8000000000000000259316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d545d3a58500a2023-02-08 09:42:21.484root 11241100x8000000000000000259315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f2540018928052023-02-08 09:42:21.484root 11241100x8000000000000000259327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8cdc279a967aa2023-02-08 09:42:21.485root 11241100x8000000000000000259326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5e82990eff0dd92023-02-08 09:42:21.485root 11241100x8000000000000000259325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02134c63652149c12023-02-08 09:42:21.485root 11241100x8000000000000000259324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2004db4c5403a95c2023-02-08 09:42:21.485root 11241100x8000000000000000259323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67710784a30b56a92023-02-08 09:42:21.485root 11241100x8000000000000000259330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da3ad16fafed2d2023-02-08 09:42:21.486root 11241100x8000000000000000259329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b701c9a1af710b8d2023-02-08 09:42:21.486root 11241100x8000000000000000259328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f364f269449562023-02-08 09:42:21.486root 11241100x8000000000000000259333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2cf7f464171a0d2023-02-08 09:42:21.984root 11241100x8000000000000000259332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3fb61786b49a72023-02-08 09:42:21.984root 11241100x8000000000000000259331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b8c9281451b3d2023-02-08 09:42:21.984root 11241100x8000000000000000259342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eee24432293b4232023-02-08 09:42:21.985root 11241100x8000000000000000259341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e196e97a98c83e82023-02-08 09:42:21.985root 11241100x8000000000000000259340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9de3003b09c622023-02-08 09:42:21.985root 11241100x8000000000000000259339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c34fcc8841381f2023-02-08 09:42:21.985root 11241100x8000000000000000259338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95a39e8ab2c5eb82023-02-08 09:42:21.985root 11241100x8000000000000000259337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8c11848a9a073f2023-02-08 09:42:21.985root 11241100x8000000000000000259336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada31d28bfbf19022023-02-08 09:42:21.985root 11241100x8000000000000000259335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc085817a5a6e72023-02-08 09:42:21.985root 11241100x8000000000000000259334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb81f8f957add8802023-02-08 09:42:21.985root 11241100x8000000000000000259346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749381757e51ab712023-02-08 09:42:21.986root 11241100x8000000000000000259345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5699f0cb49fabd432023-02-08 09:42:21.986root 11241100x8000000000000000259344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908daf4d001b4a762023-02-08 09:42:21.986root 11241100x8000000000000000259343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf603bc5a2761ee2023-02-08 09:42:21.986root 354300x8000000000000000259347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.006{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55592-false10.0.1.12-8000- 11241100x8000000000000000259354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0603a87951fdfbad2023-02-08 09:42:22.484root 11241100x8000000000000000259353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c2968b283f94d2023-02-08 09:42:22.484root 11241100x8000000000000000259352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc92a27860c539882023-02-08 09:42:22.484root 11241100x8000000000000000259351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ef358ca94f9622023-02-08 09:42:22.484root 11241100x8000000000000000259350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f5e437303fd232023-02-08 09:42:22.484root 11241100x8000000000000000259349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c432dadba789f74f2023-02-08 09:42:22.484root 11241100x8000000000000000259348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb9ca4bd0567802023-02-08 09:42:22.484root 11241100x8000000000000000259364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31696e8f2ddfd1e92023-02-08 09:42:22.485root 11241100x8000000000000000259363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e1d4a8aeb1f312023-02-08 09:42:22.485root 11241100x8000000000000000259362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9238a4aa987202023-02-08 09:42:22.485root 11241100x8000000000000000259361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed12335b89acb2e2023-02-08 09:42:22.485root 11241100x8000000000000000259360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4f762252dfc622023-02-08 09:42:22.485root 11241100x8000000000000000259359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2df5d5cd380ddad2023-02-08 09:42:22.485root 11241100x8000000000000000259358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4702559ba0290d2023-02-08 09:42:22.485root 11241100x8000000000000000259357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510e96e311a31cf2023-02-08 09:42:22.485root 11241100x8000000000000000259356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff7d37ee524e312023-02-08 09:42:22.485root 11241100x8000000000000000259355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acf0d282e41349d2023-02-08 09:42:22.485root 11241100x8000000000000000259367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466633e9cea91e82023-02-08 09:42:22.984root 11241100x8000000000000000259366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b0c50b1d8bfbf2023-02-08 09:42:22.984root 11241100x8000000000000000259365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629102f4cc7712202023-02-08 09:42:22.984root 11241100x8000000000000000259381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0e85f0d9a2f102023-02-08 09:42:22.985root 11241100x8000000000000000259380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ba81b186b85ae92023-02-08 09:42:22.985root 11241100x8000000000000000259379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731014fcaf38bc62023-02-08 09:42:22.985root 11241100x8000000000000000259378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0617071b8cd7382023-02-08 09:42:22.985root 11241100x8000000000000000259377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eefa917763f2212023-02-08 09:42:22.985root 11241100x8000000000000000259376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd0588968593792023-02-08 09:42:22.985root 11241100x8000000000000000259375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ad5c86f26bd1fb2023-02-08 09:42:22.985root 11241100x8000000000000000259374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d4cba2632509ea2023-02-08 09:42:22.985root 11241100x8000000000000000259373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3351f5dd390e9c0c2023-02-08 09:42:22.985root 11241100x8000000000000000259372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3808650b4bfb502023-02-08 09:42:22.985root 11241100x8000000000000000259371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed652bd05fd8bc7d2023-02-08 09:42:22.985root 11241100x8000000000000000259370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c86b7bed068c2f2023-02-08 09:42:22.985root 11241100x8000000000000000259369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b85ba0d0fda17f2023-02-08 09:42:22.985root 11241100x8000000000000000259368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f31f9222e445c2023-02-08 09:42:22.985root 11241100x8000000000000000259384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea121af79dcfe71d2023-02-08 09:42:23.484root 11241100x8000000000000000259383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cfcbf06084e6f02023-02-08 09:42:23.484root 11241100x8000000000000000259382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38e841ce185e86b2023-02-08 09:42:23.484root 11241100x8000000000000000259394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd86e84ea1ff1b82023-02-08 09:42:23.485root 11241100x8000000000000000259393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c40a2063b224fa62023-02-08 09:42:23.485root 11241100x8000000000000000259392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3669dd5ead5bb2023-02-08 09:42:23.485root 11241100x8000000000000000259391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b957f84b5fd552023-02-08 09:42:23.485root 11241100x8000000000000000259390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95e993947c10f22023-02-08 09:42:23.485root 11241100x8000000000000000259389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe936f68759564c12023-02-08 09:42:23.485root 11241100x8000000000000000259388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aca6ac5ab935e72023-02-08 09:42:23.485root 11241100x8000000000000000259387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213471921c85e62e2023-02-08 09:42:23.485root 11241100x8000000000000000259386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c494dcd1f61ed92023-02-08 09:42:23.485root 11241100x8000000000000000259385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a72979e297ece4d2023-02-08 09:42:23.485root 11241100x8000000000000000259398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1709842370d1a7892023-02-08 09:42:23.486root 11241100x8000000000000000259397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716a95040ced0b8b2023-02-08 09:42:23.486root 11241100x8000000000000000259396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e90034c9fe71c42023-02-08 09:42:23.486root 11241100x8000000000000000259395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ede9f0833ad7622023-02-08 09:42:23.486root 11241100x8000000000000000259402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0182b742ebab8d2d2023-02-08 09:42:23.984root 11241100x8000000000000000259401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c242306f1322062023-02-08 09:42:23.984root 11241100x8000000000000000259400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94ecf02f51a1542023-02-08 09:42:23.984root 11241100x8000000000000000259399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ef4adca14f514a2023-02-08 09:42:23.984root 11241100x8000000000000000259413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa12b73f81ee6e5c2023-02-08 09:42:23.985root 11241100x8000000000000000259412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad72e01733109a552023-02-08 09:42:23.985root 11241100x8000000000000000259411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a563d8e89d459b352023-02-08 09:42:23.985root 11241100x8000000000000000259410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef33781a38594e562023-02-08 09:42:23.985root 11241100x8000000000000000259409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba293cf54f2530442023-02-08 09:42:23.985root 11241100x8000000000000000259408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f01cd787738ac92023-02-08 09:42:23.985root 11241100x8000000000000000259407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad86682567aad542023-02-08 09:42:23.985root 11241100x8000000000000000259406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93674abc361676f42023-02-08 09:42:23.985root 11241100x8000000000000000259405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36076a44034580df2023-02-08 09:42:23.985root 11241100x8000000000000000259404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341d2faa6141b3b2023-02-08 09:42:23.985root 11241100x8000000000000000259403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e308544e516a82023-02-08 09:42:23.985root 11241100x8000000000000000259415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e951fdfcff41f5c12023-02-08 09:42:23.986root 11241100x8000000000000000259414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86588b3dfb62812023-02-08 09:42:23.986root 11241100x8000000000000000259419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0783aa1e3011182023-02-08 09:42:24.484root 11241100x8000000000000000259418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d9e81913e5dc32023-02-08 09:42:24.484root 11241100x8000000000000000259417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb118a55c5519462023-02-08 09:42:24.484root 11241100x8000000000000000259416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d458fc17bacc272023-02-08 09:42:24.484root 11241100x8000000000000000259430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6567765bcbaed92023-02-08 09:42:24.485root 11241100x8000000000000000259429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92362bbe6def2d482023-02-08 09:42:24.485root 11241100x8000000000000000259428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407fc35a8c27fc22023-02-08 09:42:24.485root 11241100x8000000000000000259427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165619c43d405322023-02-08 09:42:24.485root 11241100x8000000000000000259426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c9304b821133fd2023-02-08 09:42:24.485root 11241100x8000000000000000259425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c5a4d6d126f3672023-02-08 09:42:24.485root 11241100x8000000000000000259424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eccfe3984eaaf32023-02-08 09:42:24.485root 11241100x8000000000000000259423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a774303dfd65b422023-02-08 09:42:24.485root 11241100x8000000000000000259422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac129713315bfe12023-02-08 09:42:24.485root 11241100x8000000000000000259421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc16a1fe9633ae262023-02-08 09:42:24.485root 11241100x8000000000000000259420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e54da420a249b6c2023-02-08 09:42:24.485root 11241100x8000000000000000259432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa59c3c09ad76c62023-02-08 09:42:24.486root 11241100x8000000000000000259431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f039dcb074eec81b2023-02-08 09:42:24.486root 11241100x8000000000000000259438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b94b8e45d988b2023-02-08 09:42:24.984root 11241100x8000000000000000259437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a95fbb29a80fa2023-02-08 09:42:24.984root 11241100x8000000000000000259436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ada0af9d325a22023-02-08 09:42:24.984root 11241100x8000000000000000259435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9651fe574a833e2023-02-08 09:42:24.984root 11241100x8000000000000000259434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a34d1e915a6c892023-02-08 09:42:24.984root 11241100x8000000000000000259433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fa0fb5b78ec92e2023-02-08 09:42:24.984root 11241100x8000000000000000259449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6089e35c5dd3f102023-02-08 09:42:24.985root 11241100x8000000000000000259448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6cd5fd2d86631d2023-02-08 09:42:24.985root 11241100x8000000000000000259447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cbeb2e7b8f1422023-02-08 09:42:24.985root 11241100x8000000000000000259446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fd6d01ecb1732b2023-02-08 09:42:24.985root 11241100x8000000000000000259445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52800556a4ca11b72023-02-08 09:42:24.985root 11241100x8000000000000000259444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5308a8988aada2023-02-08 09:42:24.985root 11241100x8000000000000000259443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3b297754690d22023-02-08 09:42:24.985root 11241100x8000000000000000259442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bef9da2a95a40c2023-02-08 09:42:24.985root 11241100x8000000000000000259441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710ea17d2f142e72023-02-08 09:42:24.985root 11241100x8000000000000000259440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06d34d26852dae2023-02-08 09:42:24.985root 11241100x8000000000000000259439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277e43d17993c1e2023-02-08 09:42:24.985root 11241100x8000000000000000259457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b110d8278ae126b2023-02-08 09:42:25.484root 11241100x8000000000000000259456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359d1f6c270bd84a2023-02-08 09:42:25.484root 11241100x8000000000000000259455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a07c2e34d3ed572023-02-08 09:42:25.484root 11241100x8000000000000000259454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c536d00979f262023-02-08 09:42:25.484root 11241100x8000000000000000259453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505c4e61e4cc8e92023-02-08 09:42:25.484root 11241100x8000000000000000259452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f42d509d86ebef2023-02-08 09:42:25.484root 11241100x8000000000000000259451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1e524849ba249d2023-02-08 09:42:25.484root 11241100x8000000000000000259450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d3c03adb3567612023-02-08 09:42:25.484root 11241100x8000000000000000259466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a432921b332d9be2023-02-08 09:42:25.485root 11241100x8000000000000000259465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220ccfca36d3a7bd2023-02-08 09:42:25.485root 11241100x8000000000000000259464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36fcf0cf9bd3b6a2023-02-08 09:42:25.485root 11241100x8000000000000000259463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0321cbcda7c493832023-02-08 09:42:25.485root 11241100x8000000000000000259462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc92cedeec3f4f72023-02-08 09:42:25.485root 11241100x8000000000000000259461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f3bc4be7b80fe2023-02-08 09:42:25.485root 11241100x8000000000000000259460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcf170f9beaef8e2023-02-08 09:42:25.485root 11241100x8000000000000000259459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76eda7c726c90d2023-02-08 09:42:25.485root 11241100x8000000000000000259458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7215e68b201f6f82023-02-08 09:42:25.485root 11241100x8000000000000000259467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e486d71be362d3032023-02-08 09:42:25.984root 11241100x8000000000000000259473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db05fc5801f4c6d42023-02-08 09:42:25.985root 11241100x8000000000000000259472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526fc1bc2bca5a912023-02-08 09:42:25.985root 11241100x8000000000000000259471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423ca42c1a23a032023-02-08 09:42:25.985root 11241100x8000000000000000259470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7ac8da1c0c747c2023-02-08 09:42:25.985root 11241100x8000000000000000259469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98362a25bc11f5d52023-02-08 09:42:25.985root 11241100x8000000000000000259468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d2411b65c8ed2d2023-02-08 09:42:25.985root 11241100x8000000000000000259480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c879b5e9cb7d76fd2023-02-08 09:42:25.987root 11241100x8000000000000000259479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e50d53d70bdb52023-02-08 09:42:25.987root 11241100x8000000000000000259478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7062538cf6c82af12023-02-08 09:42:25.987root 11241100x8000000000000000259477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14fd760fe6b8c6a2023-02-08 09:42:25.987root 11241100x8000000000000000259476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6107294296a97c312023-02-08 09:42:25.987root 11241100x8000000000000000259475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58ce5bf7e9bc5b62023-02-08 09:42:25.987root 11241100x8000000000000000259474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0827b89f03de48122023-02-08 09:42:25.987root 11241100x8000000000000000259485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636b0460e4d9f9a72023-02-08 09:42:25.988root 11241100x8000000000000000259484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7f95fdec296ae62023-02-08 09:42:25.988root 11241100x8000000000000000259483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dde505f517dcb42023-02-08 09:42:25.988root 11241100x8000000000000000259482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6eebfdeeb063d2023-02-08 09:42:25.988root 11241100x8000000000000000259481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b0a71c22235972023-02-08 09:42:25.988root 11241100x8000000000000000259491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb51cb47afd2b842023-02-08 09:42:26.484root 11241100x8000000000000000259490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fda8363548b98172023-02-08 09:42:26.484root 11241100x8000000000000000259489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76052c22b571922023-02-08 09:42:26.484root 11241100x8000000000000000259488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c3f92aa566d152023-02-08 09:42:26.484root 11241100x8000000000000000259487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542847d829b11e42023-02-08 09:42:26.484root 11241100x8000000000000000259486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0468806025c57a92023-02-08 09:42:26.484root 11241100x8000000000000000259492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb4eaaa5d182602023-02-08 09:42:26.485root 11241100x8000000000000000259495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452f3e05bf3b16922023-02-08 09:42:26.486root 11241100x8000000000000000259494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f06af027ed0392023-02-08 09:42:26.486root 11241100x8000000000000000259493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd04ebeeadb088462023-02-08 09:42:26.486root 11241100x8000000000000000259504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3829e2fa2e1303f82023-02-08 09:42:26.487root 11241100x8000000000000000259503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c645ae1c0dedbef2023-02-08 09:42:26.487root 11241100x8000000000000000259502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0d0e5cd4c471552023-02-08 09:42:26.487root 11241100x8000000000000000259501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722118b94cb660222023-02-08 09:42:26.487root 11241100x8000000000000000259500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a28f31372d15d7e2023-02-08 09:42:26.487root 11241100x8000000000000000259499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c1d6a9ec6738d2023-02-08 09:42:26.487root 11241100x8000000000000000259498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d894d3daaa77472023-02-08 09:42:26.487root 11241100x8000000000000000259497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfafc08cbe48f782023-02-08 09:42:26.487root 11241100x8000000000000000259496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b673e9bcb5d3a4162023-02-08 09:42:26.487root 11241100x8000000000000000259508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c7ee87b418ec02023-02-08 09:42:26.984root 11241100x8000000000000000259507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda14eac7f5469342023-02-08 09:42:26.984root 11241100x8000000000000000259506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07ef5fdadc8efd2023-02-08 09:42:26.984root 11241100x8000000000000000259505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb683d675e9f4c2a2023-02-08 09:42:26.984root 11241100x8000000000000000259513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3db7ecdd6a9a7d2023-02-08 09:42:26.985root 11241100x8000000000000000259512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f84300e15f1c4652023-02-08 09:42:26.985root 11241100x8000000000000000259511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4990d5b2db3569e2023-02-08 09:42:26.985root 11241100x8000000000000000259510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad96d0262123f22023-02-08 09:42:26.985root 11241100x8000000000000000259509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d04e3ae0ca428f2023-02-08 09:42:26.985root 11241100x8000000000000000259521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3815f3dba5e6812023-02-08 09:42:26.986root 11241100x8000000000000000259520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ad3141bdf000a2023-02-08 09:42:26.986root 11241100x8000000000000000259519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f3f5dbce71aaf2023-02-08 09:42:26.986root 11241100x8000000000000000259518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3121418b4c4552023-02-08 09:42:26.986root 11241100x8000000000000000259517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e0f998b42c087f2023-02-08 09:42:26.986root 11241100x8000000000000000259516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebce065c965fa72023-02-08 09:42:26.986root 11241100x8000000000000000259515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d114b8ba86cf512023-02-08 09:42:26.986root 11241100x8000000000000000259514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e60e75792a77ef2023-02-08 09:42:26.986root 11241100x8000000000000000259522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd4dca97e5fa8e2023-02-08 09:42:27.484root 11241100x8000000000000000259535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be025db3e7636312023-02-08 09:42:27.485root 11241100x8000000000000000259534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e82efb5531f2f2023-02-08 09:42:27.485root 11241100x8000000000000000259533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3820a0fb0a2926b2023-02-08 09:42:27.485root 11241100x8000000000000000259532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8954081cbc8ec0592023-02-08 09:42:27.485root 11241100x8000000000000000259531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a80bd01aeaf6a2023-02-08 09:42:27.485root 11241100x8000000000000000259530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a3af98cc7617082023-02-08 09:42:27.485root 11241100x8000000000000000259529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dad833c14d184e02023-02-08 09:42:27.485root 11241100x8000000000000000259528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1af401fd0898e2023-02-08 09:42:27.485root 11241100x8000000000000000259527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26fdd2136210f002023-02-08 09:42:27.485root 11241100x8000000000000000259526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e063dd47689bac92023-02-08 09:42:27.485root 11241100x8000000000000000259525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ffb73bfc7adafb2023-02-08 09:42:27.485root 11241100x8000000000000000259524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891eb16b7cf26d562023-02-08 09:42:27.485root 11241100x8000000000000000259523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2dacd411e33862023-02-08 09:42:27.485root 11241100x8000000000000000259538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc1751325765cd82023-02-08 09:42:27.486root 11241100x8000000000000000259537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f4fc01fb322bcc2023-02-08 09:42:27.486root 11241100x8000000000000000259536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272e3d3070f33572023-02-08 09:42:27.486root 11241100x8000000000000000259540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4596e81b8a0cbb82023-02-08 09:42:27.984root 11241100x8000000000000000259539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d592d76df75bcc2023-02-08 09:42:27.984root 11241100x8000000000000000259549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15572dbcd5b4c19b2023-02-08 09:42:27.985root 11241100x8000000000000000259548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1345450a01375a282023-02-08 09:42:27.985root 11241100x8000000000000000259547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52ffa425d139dfd2023-02-08 09:42:27.985root 11241100x8000000000000000259546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09af90e10591996c2023-02-08 09:42:27.985root 11241100x8000000000000000259545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dca1e057238c572023-02-08 09:42:27.985root 11241100x8000000000000000259544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4dbbb73aa67082023-02-08 09:42:27.985root 11241100x8000000000000000259543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222cefbc078a9c6c2023-02-08 09:42:27.985root 11241100x8000000000000000259542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc64dfce2f28bd0e2023-02-08 09:42:27.985root 11241100x8000000000000000259541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96782cb69a8f1fc22023-02-08 09:42:27.985root 11241100x8000000000000000259555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91712ff6ca38819c2023-02-08 09:42:27.986root 11241100x8000000000000000259554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3c42b9ec3c7f392023-02-08 09:42:27.986root 11241100x8000000000000000259553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a490f675219003c2023-02-08 09:42:27.986root 11241100x8000000000000000259552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44981096fec73ee02023-02-08 09:42:27.986root 11241100x8000000000000000259551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977856b36c18b1fd2023-02-08 09:42:27.986root 11241100x8000000000000000259550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60971ec8636484002023-02-08 09:42:27.986root 354300x8000000000000000259556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.005{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53260-false10.0.1.12-8000- 11241100x8000000000000000259558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb1bd16cafc3012023-02-08 09:42:28.484root 11241100x8000000000000000259557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56d05ffa0494102023-02-08 09:42:28.484root 11241100x8000000000000000259560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd5fbd0c8259a82023-02-08 09:42:28.485root 11241100x8000000000000000259559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121ee0b57c78f7072023-02-08 09:42:28.485root 11241100x8000000000000000259570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a877be5f6a5bd582023-02-08 09:42:28.486root 11241100x8000000000000000259569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb7a896b03152e72023-02-08 09:42:28.486root 11241100x8000000000000000259568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420074c40f6ae33a2023-02-08 09:42:28.486root 11241100x8000000000000000259567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f10dab33f1eb0a2023-02-08 09:42:28.486root 11241100x8000000000000000259566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ab0fbb2b9cc8e82023-02-08 09:42:28.486root 11241100x8000000000000000259565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6381aa1806da9822023-02-08 09:42:28.486root 11241100x8000000000000000259564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e45939b59087b32023-02-08 09:42:28.486root 11241100x8000000000000000259563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601a87faf35d3382023-02-08 09:42:28.486root 11241100x8000000000000000259562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f5df2020c776972023-02-08 09:42:28.486root 11241100x8000000000000000259561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35215112651538062023-02-08 09:42:28.486root 11241100x8000000000000000259574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35b522c0ec77cfe2023-02-08 09:42:28.487root 11241100x8000000000000000259573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca63e3a40aef5802023-02-08 09:42:28.487root 11241100x8000000000000000259572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee12075cf5bcb52023-02-08 09:42:28.487root 11241100x8000000000000000259571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5f352fa9a51b42023-02-08 09:42:28.487root 11241100x8000000000000000259578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a504b9a33aa2e42023-02-08 09:42:28.984root 11241100x8000000000000000259577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bb9e09426361e82023-02-08 09:42:28.984root 11241100x8000000000000000259576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5b7ec9ce5d5eef2023-02-08 09:42:28.984root 11241100x8000000000000000259575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffc5c150ecc02b2023-02-08 09:42:28.984root 11241100x8000000000000000259584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ae9d390b0c2c1f2023-02-08 09:42:28.985root 11241100x8000000000000000259583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d8cb745244d7dc2023-02-08 09:42:28.985root 11241100x8000000000000000259582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f2c1cb24ad4acd2023-02-08 09:42:28.985root 11241100x8000000000000000259581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e395d92d46f7e2023-02-08 09:42:28.985root 11241100x8000000000000000259580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73b5720383cb3b2023-02-08 09:42:28.985root 11241100x8000000000000000259579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a78a8c0324abb2023-02-08 09:42:28.985root 11241100x8000000000000000259595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689137b1ef00dc62023-02-08 09:42:28.986root 11241100x8000000000000000259594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9420ac3dd6fdb6a2023-02-08 09:42:28.986root 11241100x8000000000000000259593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6543d2a44fa777b2023-02-08 09:42:28.986root 11241100x8000000000000000259592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14dabeaa9239ec2023-02-08 09:42:28.986root 11241100x8000000000000000259591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9359436a494a78592023-02-08 09:42:28.986root 11241100x8000000000000000259590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108f7ebd49e87652023-02-08 09:42:28.986root 11241100x8000000000000000259589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af77d01e2f2a56c2023-02-08 09:42:28.986root 11241100x8000000000000000259588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd39eb9eeed3d1102023-02-08 09:42:28.986root 11241100x8000000000000000259587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf4eb47315cb0df2023-02-08 09:42:28.986root 11241100x8000000000000000259586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dc2b9595516fa52023-02-08 09:42:28.986root 11241100x8000000000000000259585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509943eb710fbe772023-02-08 09:42:28.986root 11241100x8000000000000000259604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0108bc83e64e5ae2023-02-08 09:42:29.484root 11241100x8000000000000000259603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee6f91578356c12023-02-08 09:42:29.484root 11241100x8000000000000000259602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccc7e001e713c222023-02-08 09:42:29.484root 11241100x8000000000000000259601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc249a206e6d7422023-02-08 09:42:29.484root 11241100x8000000000000000259600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319658c750b2ea5a2023-02-08 09:42:29.484root 11241100x8000000000000000259599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a8a3b8f0fde962023-02-08 09:42:29.484root 11241100x8000000000000000259598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1737cc53565950942023-02-08 09:42:29.484root 11241100x8000000000000000259597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617750c342aad4f32023-02-08 09:42:29.484root 11241100x8000000000000000259596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b175fd6575e88af2023-02-08 09:42:29.484root 11241100x8000000000000000259613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6274b32761eaa22b2023-02-08 09:42:29.485root 11241100x8000000000000000259612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f53c182acdc1e2023-02-08 09:42:29.485root 11241100x8000000000000000259611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08683e65fcddb3bb2023-02-08 09:42:29.485root 11241100x8000000000000000259610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d48a753c1ab9d52023-02-08 09:42:29.485root 11241100x8000000000000000259609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f4c49a664a5472023-02-08 09:42:29.485root 11241100x8000000000000000259608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a0dec0e2668d52023-02-08 09:42:29.485root 11241100x8000000000000000259607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5015511c5cbf0bab2023-02-08 09:42:29.485root 11241100x8000000000000000259606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a1fc04de431672023-02-08 09:42:29.485root 11241100x8000000000000000259605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92913ed61f4762672023-02-08 09:42:29.485root 11241100x8000000000000000259616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4657a2480a7d6b2023-02-08 09:42:29.984root 11241100x8000000000000000259615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9d315712a8cd9b2023-02-08 09:42:29.984root 11241100x8000000000000000259614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f66d011ae62f22023-02-08 09:42:29.984root 11241100x8000000000000000259630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6959864708a302023-02-08 09:42:29.985root 11241100x8000000000000000259629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0542285c754892023-02-08 09:42:29.985root 11241100x8000000000000000259628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4393f960140ef702023-02-08 09:42:29.985root 11241100x8000000000000000259627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6693b44ee953ad2023-02-08 09:42:29.985root 11241100x8000000000000000259626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143639603668d7d12023-02-08 09:42:29.985root 11241100x8000000000000000259625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc671cdb6c4cb742023-02-08 09:42:29.985root 11241100x8000000000000000259624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfae9c6a1b402bdf2023-02-08 09:42:29.985root 11241100x8000000000000000259623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81496a330fe71d5e2023-02-08 09:42:29.985root 11241100x8000000000000000259622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd26d06875c4b9332023-02-08 09:42:29.985root 11241100x8000000000000000259621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92c991d15493152023-02-08 09:42:29.985root 11241100x8000000000000000259620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de945f3988d62ae42023-02-08 09:42:29.985root 11241100x8000000000000000259619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07933e335de1922023-02-08 09:42:29.985root 11241100x8000000000000000259618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507543dbe4bac3f42023-02-08 09:42:29.985root 11241100x8000000000000000259617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be38f21ea3e85fbe2023-02-08 09:42:29.985root 11241100x8000000000000000259631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2df842cc6b954362023-02-08 09:42:29.986root 11241100x8000000000000000259639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f6fb7f8460c412023-02-08 09:42:30.484root 11241100x8000000000000000259638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59a437ee6024f332023-02-08 09:42:30.484root 11241100x8000000000000000259637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba14a4863c38185f2023-02-08 09:42:30.484root 11241100x8000000000000000259636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b767a56d5798f2023-02-08 09:42:30.484root 11241100x8000000000000000259635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17ee3110a335e52023-02-08 09:42:30.484root 11241100x8000000000000000259634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba64bd54afa59d2023-02-08 09:42:30.484root 11241100x8000000000000000259633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6780b9a44e4e12023-02-08 09:42:30.484root 11241100x8000000000000000259632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26664c9afcdc3bf2023-02-08 09:42:30.484root 11241100x8000000000000000259649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962288bf4e414f022023-02-08 09:42:30.485root 11241100x8000000000000000259648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31de02aa2ec7bfe92023-02-08 09:42:30.485root 11241100x8000000000000000259647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464c47324f32f6df2023-02-08 09:42:30.485root 11241100x8000000000000000259646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540ee31cef2a16ff2023-02-08 09:42:30.485root 11241100x8000000000000000259645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adad941b97eab662023-02-08 09:42:30.485root 11241100x8000000000000000259644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a856f4d68c66029d2023-02-08 09:42:30.485root 11241100x8000000000000000259643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1416dbd2600a152023-02-08 09:42:30.485root 11241100x8000000000000000259642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0de463f4c6515a72023-02-08 09:42:30.485root 11241100x8000000000000000259641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5623569f790c542023-02-08 09:42:30.485root 11241100x8000000000000000259640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c259a50872f08ed2023-02-08 09:42:30.485root 11241100x8000000000000000259654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e57dcc54e4a922023-02-08 09:42:30.984root 11241100x8000000000000000259653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f1130ee2fe6e02023-02-08 09:42:30.984root 11241100x8000000000000000259652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b51917a1d797a22023-02-08 09:42:30.984root 11241100x8000000000000000259651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e5c847cbe0bdc2023-02-08 09:42:30.984root 11241100x8000000000000000259650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4714f5599cc573372023-02-08 09:42:30.984root 11241100x8000000000000000259662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd88f852f24150662023-02-08 09:42:30.985root 11241100x8000000000000000259661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef3a6949bc659a2023-02-08 09:42:30.985root 11241100x8000000000000000259660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04eae302e76e1b2023-02-08 09:42:30.985root 11241100x8000000000000000259659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c7244d4485c1672023-02-08 09:42:30.985root 11241100x8000000000000000259658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c12bf643ce9db2023-02-08 09:42:30.985root 11241100x8000000000000000259657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc02e362150ad952023-02-08 09:42:30.985root 11241100x8000000000000000259656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef74177e4253d5f2023-02-08 09:42:30.985root 11241100x8000000000000000259655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f12034d51b2482023-02-08 09:42:30.985root 11241100x8000000000000000259667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f0e1a105ff9252023-02-08 09:42:30.986root 11241100x8000000000000000259666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f865f94ef52193cc2023-02-08 09:42:30.986root 11241100x8000000000000000259665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b2b36e23cb7ad2023-02-08 09:42:30.986root 11241100x8000000000000000259664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfea7dda5f971f42023-02-08 09:42:30.986root 11241100x8000000000000000259663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba5934d4206c1242023-02-08 09:42:30.986root 11241100x8000000000000000259669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d840ea207eb14a2023-02-08 09:42:31.484root 11241100x8000000000000000259668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5ed97f28e4074d2023-02-08 09:42:31.484root 11241100x8000000000000000259675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d5f14558eac8c2023-02-08 09:42:31.485root 11241100x8000000000000000259674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b134f9775a429fd2023-02-08 09:42:31.485root 11241100x8000000000000000259673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb8d47ce953d0512023-02-08 09:42:31.485root 11241100x8000000000000000259672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ad7c2dfb2dd6812023-02-08 09:42:31.485root 11241100x8000000000000000259671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88540f84a057ed312023-02-08 09:42:31.485root 11241100x8000000000000000259670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793934c6472931102023-02-08 09:42:31.485root 11241100x8000000000000000259682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed81a8dfa57b0872023-02-08 09:42:31.486root 11241100x8000000000000000259681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa017028fa55712023-02-08 09:42:31.486root 11241100x8000000000000000259680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b47a0b10e082602023-02-08 09:42:31.486root 11241100x8000000000000000259679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041ec20060b91532023-02-08 09:42:31.486root 11241100x8000000000000000259678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd6a5bfd4005f6c2023-02-08 09:42:31.486root 11241100x8000000000000000259677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea35e5b10cab8e962023-02-08 09:42:31.486root 11241100x8000000000000000259676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664731a0b2bc16522023-02-08 09:42:31.486root 11241100x8000000000000000259685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b74d0e709c57fb22023-02-08 09:42:31.487root 11241100x8000000000000000259684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a7ca37a88d93e52023-02-08 09:42:31.487root 11241100x8000000000000000259683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef56dee0c696e5d2023-02-08 09:42:31.487root 11241100x8000000000000000259687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5369177035f4750b2023-02-08 09:42:31.984root 11241100x8000000000000000259686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b748bb3c1a1892023-02-08 09:42:31.984root 11241100x8000000000000000259694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2538bdd8d31f992023-02-08 09:42:31.985root 11241100x8000000000000000259693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fdece67ba3875f2023-02-08 09:42:31.985root 11241100x8000000000000000259692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513427503a758ed2023-02-08 09:42:31.985root 11241100x8000000000000000259691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6198462e9666e83e2023-02-08 09:42:31.985root 11241100x8000000000000000259690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ffd4768eebb3102023-02-08 09:42:31.985root 11241100x8000000000000000259689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49944c2d217b4c7a2023-02-08 09:42:31.985root 11241100x8000000000000000259688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f353bb4aeda6c2023-02-08 09:42:31.985root 11241100x8000000000000000259702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d583f6acc8bf8f952023-02-08 09:42:31.986root 11241100x8000000000000000259701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1641aacdc2cf9d2023-02-08 09:42:31.986root 11241100x8000000000000000259700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39511e7826a38a042023-02-08 09:42:31.986root 11241100x8000000000000000259699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fb0d0b1cc3ac342023-02-08 09:42:31.986root 11241100x8000000000000000259698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb47de3f2cf13ab2023-02-08 09:42:31.986root 11241100x8000000000000000259697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7cec95a57e81b12023-02-08 09:42:31.986root 11241100x8000000000000000259696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332d16f9aa73807b2023-02-08 09:42:31.986root 11241100x8000000000000000259695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d029b56325000a902023-02-08 09:42:31.986root 11241100x8000000000000000259703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1e60ce7eb05312023-02-08 09:42:31.987root 11241100x8000000000000000259711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d54de49689b1312023-02-08 09:42:32.484root 11241100x8000000000000000259710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959e0e5c32d1a502023-02-08 09:42:32.484root 11241100x8000000000000000259709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5933fd249f14b3892023-02-08 09:42:32.484root 11241100x8000000000000000259708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa2c4ee612fe732023-02-08 09:42:32.484root 11241100x8000000000000000259707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20bb4ec23554532023-02-08 09:42:32.484root 11241100x8000000000000000259706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6334c82f9d7fee1a2023-02-08 09:42:32.484root 11241100x8000000000000000259705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c36bc6560191ba2023-02-08 09:42:32.484root 11241100x8000000000000000259704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54581402b28e01b62023-02-08 09:42:32.484root 11241100x8000000000000000259720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0d0265401959b2023-02-08 09:42:32.485root 11241100x8000000000000000259719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aa71dd944a6b972023-02-08 09:42:32.485root 11241100x8000000000000000259718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a89ffb1562ab412023-02-08 09:42:32.485root 11241100x8000000000000000259717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334ae529b4e623d22023-02-08 09:42:32.485root 11241100x8000000000000000259716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33dad1bfafa54872023-02-08 09:42:32.485root 11241100x8000000000000000259715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb5ed8ddd958a5f2023-02-08 09:42:32.485root 11241100x8000000000000000259714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1046beaaa5f6d6102023-02-08 09:42:32.485root 11241100x8000000000000000259713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5aef97c2f109a92023-02-08 09:42:32.485root 11241100x8000000000000000259712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815dbe9d79e300fd2023-02-08 09:42:32.485root 11241100x8000000000000000259721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7712a400e8492b2023-02-08 09:42:32.486root 11241100x8000000000000000259723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab646779541d0c512023-02-08 09:42:32.984root 11241100x8000000000000000259722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baadc27cffdebef22023-02-08 09:42:32.984root 11241100x8000000000000000259732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a09e8c8d59501d2023-02-08 09:42:32.985root 11241100x8000000000000000259731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e15c1c36839d3d02023-02-08 09:42:32.985root 11241100x8000000000000000259730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedb2e73e3dc03342023-02-08 09:42:32.985root 11241100x8000000000000000259729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5ff42f2e6a2d02023-02-08 09:42:32.985root 11241100x8000000000000000259728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e27fd6da579cf12023-02-08 09:42:32.985root 11241100x8000000000000000259727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae60b2df27c6ba02023-02-08 09:42:32.985root 11241100x8000000000000000259726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1916acf7c5af0a42023-02-08 09:42:32.985root 11241100x8000000000000000259725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900165b38487be332023-02-08 09:42:32.985root 11241100x8000000000000000259724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd793d687a7621f2023-02-08 09:42:32.985root 11241100x8000000000000000259739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3cd0384d4cceaf2023-02-08 09:42:32.986root 11241100x8000000000000000259738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc24fd331f032572023-02-08 09:42:32.986root 11241100x8000000000000000259737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb20a8054bd67dc2023-02-08 09:42:32.986root 11241100x8000000000000000259736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf5fe54a7ac3ee2023-02-08 09:42:32.986root 11241100x8000000000000000259735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd9456ebf3bc062023-02-08 09:42:32.986root 11241100x8000000000000000259734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89af0b2907d3b82023-02-08 09:42:32.986root 11241100x8000000000000000259733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410dbf565df9133f2023-02-08 09:42:32.986root 354300x8000000000000000259740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.084{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53264-false10.0.1.12-8000- 11241100x8000000000000000259743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c7071a41a4e9362023-02-08 09:42:33.484root 11241100x8000000000000000259742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a66ea27f488c7c2023-02-08 09:42:33.484root 11241100x8000000000000000259741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc13fd57445fa9492023-02-08 09:42:33.484root 11241100x8000000000000000259751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74744657567cc62023-02-08 09:42:33.485root 11241100x8000000000000000259750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee16eb7767cca5c2023-02-08 09:42:33.485root 11241100x8000000000000000259749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d29df2a4076ae42023-02-08 09:42:33.485root 11241100x8000000000000000259748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14909c8d76e9692023-02-08 09:42:33.485root 11241100x8000000000000000259747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52a76286c752aa52023-02-08 09:42:33.485root 11241100x8000000000000000259746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573fb277d10438a2023-02-08 09:42:33.485root 11241100x8000000000000000259745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291030f4b22d59722023-02-08 09:42:33.485root 11241100x8000000000000000259744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644d208aedc690432023-02-08 09:42:33.485root 11241100x8000000000000000259758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb955a50015c4b312023-02-08 09:42:33.486root 11241100x8000000000000000259757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e9b80f841184e72023-02-08 09:42:33.486root 11241100x8000000000000000259756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aa1349906d34ec2023-02-08 09:42:33.486root 11241100x8000000000000000259755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f008ba32221d52023-02-08 09:42:33.486root 11241100x8000000000000000259754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c2f75e76551ee2023-02-08 09:42:33.486root 11241100x8000000000000000259753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0871fd9284daba002023-02-08 09:42:33.486root 11241100x8000000000000000259752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddedbc626f6dfbcc2023-02-08 09:42:33.486root 11241100x8000000000000000259759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005312b4f8753b072023-02-08 09:42:33.487root 11241100x8000000000000000259761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73a349451bf99092023-02-08 09:42:33.984root 11241100x8000000000000000259760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d8fc30695dfc22023-02-08 09:42:33.984root 11241100x8000000000000000259768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e98997d32b7632023-02-08 09:42:33.985root 11241100x8000000000000000259767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78d2a7d7ab935352023-02-08 09:42:33.985root 11241100x8000000000000000259766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5b024b32b47a212023-02-08 09:42:33.985root 11241100x8000000000000000259765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37617dfdf77d8b5d2023-02-08 09:42:33.985root 11241100x8000000000000000259764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88037914e765812d2023-02-08 09:42:33.985root 11241100x8000000000000000259763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f9c99b524e5812023-02-08 09:42:33.985root 11241100x8000000000000000259762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fb02b412d152912023-02-08 09:42:33.985root 11241100x8000000000000000259771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6107fdce663292023-02-08 09:42:33.986root 11241100x8000000000000000259770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef90ccf8f6acd5e82023-02-08 09:42:33.986root 11241100x8000000000000000259769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba783339c79e72102023-02-08 09:42:33.986root 11241100x8000000000000000259778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f46275b58e6372023-02-08 09:42:33.987root 11241100x8000000000000000259777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a3a910044e46a2023-02-08 09:42:33.987root 11241100x8000000000000000259776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f850d7f64a4ef912023-02-08 09:42:33.987root 11241100x8000000000000000259775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146b9a3ed87f90822023-02-08 09:42:33.987root 11241100x8000000000000000259774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5bfca9138945b32023-02-08 09:42:33.987root 11241100x8000000000000000259773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180e101888731de82023-02-08 09:42:33.987root 11241100x8000000000000000259772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d9ac8e4402b0222023-02-08 09:42:33.987root 11241100x8000000000000000259779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293d8551a4e46552023-02-08 09:42:34.484root 11241100x8000000000000000259788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f72c83df72e0e9f2023-02-08 09:42:34.485root 11241100x8000000000000000259787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a22906b8d4baa32023-02-08 09:42:34.485root 11241100x8000000000000000259786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be4b71ec6a19a32023-02-08 09:42:34.485root 11241100x8000000000000000259785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52a01c23cb9aba2023-02-08 09:42:34.485root 11241100x8000000000000000259784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13c058e8b9ef162023-02-08 09:42:34.485root 11241100x8000000000000000259783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f813fe51a43fcc2023-02-08 09:42:34.485root 11241100x8000000000000000259782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d4ed11b39ce602023-02-08 09:42:34.485root 11241100x8000000000000000259781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aade5a24ceca922023-02-08 09:42:34.485root 11241100x8000000000000000259780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650676eec3c77fad2023-02-08 09:42:34.485root 11241100x8000000000000000259795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8367a8e331e20d742023-02-08 09:42:34.486root 11241100x8000000000000000259794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377aedebd97e90a2023-02-08 09:42:34.486root 11241100x8000000000000000259793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4aafa166c58e792023-02-08 09:42:34.486root 11241100x8000000000000000259792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02803ee3986026882023-02-08 09:42:34.486root 11241100x8000000000000000259791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d079b56b273d70d2023-02-08 09:42:34.486root 11241100x8000000000000000259790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97fdc0752a6b172023-02-08 09:42:34.486root 11241100x8000000000000000259789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffb09bd4c427b7b2023-02-08 09:42:34.486root 11241100x8000000000000000259797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b7aff1c6544b02023-02-08 09:42:34.487root 11241100x8000000000000000259796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a72b92d50af8992023-02-08 09:42:34.487root 11241100x8000000000000000259798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc994ea27fb2d2582023-02-08 09:42:34.984root 11241100x8000000000000000259807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540b46f2fb1ea20f2023-02-08 09:42:34.985root 11241100x8000000000000000259806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d781f663efab8962023-02-08 09:42:34.985root 11241100x8000000000000000259805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b06bb936ea632a2023-02-08 09:42:34.985root 11241100x8000000000000000259804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da4f71d52ccc7822023-02-08 09:42:34.985root 11241100x8000000000000000259803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab3a721cae20372023-02-08 09:42:34.985root 11241100x8000000000000000259802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ebb06728b2c3e62023-02-08 09:42:34.985root 11241100x8000000000000000259801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0429c2d72693e32023-02-08 09:42:34.985root 11241100x8000000000000000259800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f75619dd295b4db2023-02-08 09:42:34.985root 11241100x8000000000000000259799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d1cf278906ea5e2023-02-08 09:42:34.985root 11241100x8000000000000000259816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d28e308930234e2023-02-08 09:42:34.986root 11241100x8000000000000000259815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98681bc45fbfed2023-02-08 09:42:34.986root 11241100x8000000000000000259814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe1f5329308f2b72023-02-08 09:42:34.986root 11241100x8000000000000000259813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e14b8dd1c814522023-02-08 09:42:34.986root 11241100x8000000000000000259812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034d753016fed30f2023-02-08 09:42:34.986root 11241100x8000000000000000259811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c91dc04c121b2e2023-02-08 09:42:34.986root 11241100x8000000000000000259810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac28f5b84778da2023-02-08 09:42:34.986root 11241100x8000000000000000259809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c6e046e6903572023-02-08 09:42:34.986root 11241100x8000000000000000259808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c353524ffc556322023-02-08 09:42:34.986root 11241100x8000000000000000259818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571d148aec3582c22023-02-08 09:42:35.484root 11241100x8000000000000000259817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83faa8bf39bad02023-02-08 09:42:35.484root 11241100x8000000000000000259829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1f164127ed20542023-02-08 09:42:35.485root 11241100x8000000000000000259828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9a5fb83728bb92023-02-08 09:42:35.485root 11241100x8000000000000000259827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb8a4664b0ce13c2023-02-08 09:42:35.485root 11241100x8000000000000000259826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97d51649e5db8e42023-02-08 09:42:35.485root 11241100x8000000000000000259825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507049d14332a512023-02-08 09:42:35.485root 11241100x8000000000000000259824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a22a144d401cf02023-02-08 09:42:35.485root 11241100x8000000000000000259823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f555abd05001022023-02-08 09:42:35.485root 11241100x8000000000000000259822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90847df5c0936bc52023-02-08 09:42:35.485root 11241100x8000000000000000259821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d78b0a535e2d4f2023-02-08 09:42:35.485root 11241100x8000000000000000259820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c9976299194552023-02-08 09:42:35.485root 11241100x8000000000000000259819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56b030c70b2f4b2023-02-08 09:42:35.485root 11241100x8000000000000000259835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f4093d720b4e782023-02-08 09:42:35.486root 11241100x8000000000000000259834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3443b6bae988dc02023-02-08 09:42:35.486root 11241100x8000000000000000259833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6de8a97ec6093272023-02-08 09:42:35.486root 11241100x8000000000000000259832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915c2c4525f4cc82023-02-08 09:42:35.486root 11241100x8000000000000000259831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5195dec692dc252023-02-08 09:42:35.486root 11241100x8000000000000000259830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8bd40b70729122023-02-08 09:42:35.486root 11241100x8000000000000000259840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6f06e515dff162023-02-08 09:42:35.984root 11241100x8000000000000000259839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c10965427de39272023-02-08 09:42:35.984root 11241100x8000000000000000259838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d026639a628921182023-02-08 09:42:35.984root 11241100x8000000000000000259837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba680e2ef64756a2023-02-08 09:42:35.984root 11241100x8000000000000000259836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80eacdf46a505ce2023-02-08 09:42:35.984root 11241100x8000000000000000259847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1044c864ca902c72023-02-08 09:42:35.985root 11241100x8000000000000000259846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeebe86ca50133b02023-02-08 09:42:35.985root 11241100x8000000000000000259845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ea4de97cb97bef2023-02-08 09:42:35.985root 11241100x8000000000000000259844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18553e7d59e37fc42023-02-08 09:42:35.985root 11241100x8000000000000000259843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86660b5e0fdbde02023-02-08 09:42:35.985root 11241100x8000000000000000259842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a95212c95daf8cb2023-02-08 09:42:35.985root 11241100x8000000000000000259841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9606347c48552f2023-02-08 09:42:35.985root 11241100x8000000000000000259854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad357832d50c25572023-02-08 09:42:35.986root 11241100x8000000000000000259853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cada444871ae3dc62023-02-08 09:42:35.986root 11241100x8000000000000000259852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841f63e37d2889d2023-02-08 09:42:35.986root 11241100x8000000000000000259851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456b50a23d478b5d2023-02-08 09:42:35.986root 11241100x8000000000000000259850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c286944356e0fed2023-02-08 09:42:35.986root 11241100x8000000000000000259849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825cdd6a76affde02023-02-08 09:42:35.986root 11241100x8000000000000000259848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff01345193354472023-02-08 09:42:35.986root 11241100x8000000000000000259855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:42:36.364root 11241100x8000000000000000259861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d390d02f06c65082023-02-08 09:42:36.365root 11241100x8000000000000000259860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07a745eaa821a342023-02-08 09:42:36.365root 11241100x8000000000000000259859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37af7bb036030d22023-02-08 09:42:36.365root 11241100x8000000000000000259858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8144e8a9969cb002023-02-08 09:42:36.365root 11241100x8000000000000000259857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfbf8d20769fc202023-02-08 09:42:36.365root 11241100x8000000000000000259856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04b82245ad9f582023-02-08 09:42:36.365root 11241100x8000000000000000259868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec303502f3946c812023-02-08 09:42:36.366root 11241100x8000000000000000259867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe59b274de93d70e2023-02-08 09:42:36.366root 11241100x8000000000000000259866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af3fe4eaf4811682023-02-08 09:42:36.366root 11241100x8000000000000000259865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385219c0ce9c0a512023-02-08 09:42:36.366root 11241100x8000000000000000259864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e45c68ba7b81a2023-02-08 09:42:36.366root 11241100x8000000000000000259863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520607d788dda82c2023-02-08 09:42:36.366root 11241100x8000000000000000259862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f6990a26a65b452023-02-08 09:42:36.366root 11241100x8000000000000000259875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4600febf566bc2b82023-02-08 09:42:36.367root 11241100x8000000000000000259874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d07ade507804232023-02-08 09:42:36.367root 11241100x8000000000000000259873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865b49b63a7a6522023-02-08 09:42:36.367root 11241100x8000000000000000259872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4293d3a4648560a62023-02-08 09:42:36.367root 11241100x8000000000000000259871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5efbb94e18a84322023-02-08 09:42:36.367root 11241100x8000000000000000259870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd80fb2b6c5a952023-02-08 09:42:36.367root 11241100x8000000000000000259869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d10127169cba432023-02-08 09:42:36.367root 11241100x8000000000000000259879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e6bfa3c7fe4092023-02-08 09:42:36.368root 11241100x8000000000000000259878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485fb3e6aee05d32023-02-08 09:42:36.368root 11241100x8000000000000000259877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa6301d703f3eb82023-02-08 09:42:36.368root 11241100x8000000000000000259876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f92f394ebb53bb72023-02-08 09:42:36.368root 11241100x8000000000000000259881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68db3bffdbaf42472023-02-08 09:42:36.734root 11241100x8000000000000000259880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a749e0c54a9f29e2023-02-08 09:42:36.734root 11241100x8000000000000000259891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e8059fc8713072023-02-08 09:42:36.735root 11241100x8000000000000000259890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466b9d79dc669bf2023-02-08 09:42:36.735root 11241100x8000000000000000259889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c50c07220f4ca2023-02-08 09:42:36.735root 11241100x8000000000000000259888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2272ee6be95b42023-02-08 09:42:36.735root 11241100x8000000000000000259887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb5a20a7594efc22023-02-08 09:42:36.735root 11241100x8000000000000000259886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae026ba379a8b52023-02-08 09:42:36.735root 11241100x8000000000000000259885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d0e21a10401c82023-02-08 09:42:36.735root 11241100x8000000000000000259884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb333eb2445ca31c2023-02-08 09:42:36.735root 11241100x8000000000000000259883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a9dacc13376dcc2023-02-08 09:42:36.735root 11241100x8000000000000000259882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7f4bfc04b44acc2023-02-08 09:42:36.735root 11241100x8000000000000000259899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9645c4b6fec4ffc2023-02-08 09:42:36.736root 11241100x8000000000000000259898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b2a82c545b36bb2023-02-08 09:42:36.736root 11241100x8000000000000000259897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9f37ebcae2bfbe2023-02-08 09:42:36.736root 11241100x8000000000000000259896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ed5a79f6b19e142023-02-08 09:42:36.736root 11241100x8000000000000000259895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da58db264706c12023-02-08 09:42:36.736root 11241100x8000000000000000259894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6b08654a668ef12023-02-08 09:42:36.736root 11241100x8000000000000000259893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11354e9cab41c95e2023-02-08 09:42:36.736root 11241100x8000000000000000259892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfac16a1767f9f42023-02-08 09:42:36.736root 11241100x8000000000000000259900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9895bcb1da76976c2023-02-08 09:42:37.234root 11241100x8000000000000000259908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ae252ab32bb4542023-02-08 09:42:37.235root 11241100x8000000000000000259907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3af135a113c7c82023-02-08 09:42:37.235root 11241100x8000000000000000259906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876010517a197b562023-02-08 09:42:37.235root 11241100x8000000000000000259905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2816d868f88a427e2023-02-08 09:42:37.235root 11241100x8000000000000000259904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299058824652bce2023-02-08 09:42:37.235root 11241100x8000000000000000259903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b715280a398c452023-02-08 09:42:37.235root 11241100x8000000000000000259902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15371f6946ae744f2023-02-08 09:42:37.235root 11241100x8000000000000000259901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddee744b90a68d2023-02-08 09:42:37.235root 11241100x8000000000000000259919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c86f85d8f2e2ea2023-02-08 09:42:37.236root 11241100x8000000000000000259918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7567e0c3edaa622023-02-08 09:42:37.236root 11241100x8000000000000000259917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc533f50d2427e32023-02-08 09:42:37.236root 11241100x8000000000000000259916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be7e37fc374f5cf2023-02-08 09:42:37.236root 11241100x8000000000000000259915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d18788a0da13cd2023-02-08 09:42:37.236root 11241100x8000000000000000259914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040963329f43bfd72023-02-08 09:42:37.236root 11241100x8000000000000000259913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45717904e7279cfa2023-02-08 09:42:37.236root 11241100x8000000000000000259912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c125b5268752f1942023-02-08 09:42:37.236root 11241100x8000000000000000259911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c87bb48499832422023-02-08 09:42:37.236root 11241100x8000000000000000259910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965d950fb285cb62023-02-08 09:42:37.236root 11241100x8000000000000000259909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e5383abda2994a2023-02-08 09:42:37.236root 11241100x8000000000000000259920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1afbcb7a4e872ee2023-02-08 09:42:37.734root 11241100x8000000000000000259935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500a28b94fac9d12023-02-08 09:42:37.735root 11241100x8000000000000000259934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d9cb5422be2662023-02-08 09:42:37.735root 11241100x8000000000000000259933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85e5985e1ef5c72023-02-08 09:42:37.735root 11241100x8000000000000000259932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f54687cbf66cd92023-02-08 09:42:37.735root 11241100x8000000000000000259931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70456480f7628f372023-02-08 09:42:37.735root 11241100x8000000000000000259930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1d6d5b82d78452023-02-08 09:42:37.735root 11241100x8000000000000000259929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88fbe34965018412023-02-08 09:42:37.735root 11241100x8000000000000000259928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a112ee2ab386ad432023-02-08 09:42:37.735root 11241100x8000000000000000259927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaa6f6c327012fe2023-02-08 09:42:37.735root 11241100x8000000000000000259926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b78c67efe99d6332023-02-08 09:42:37.735root 11241100x8000000000000000259925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9bee2986a3a2862023-02-08 09:42:37.735root 11241100x8000000000000000259924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ece8479eef1e7b2023-02-08 09:42:37.735root 11241100x8000000000000000259923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c444ba5545cfeed2023-02-08 09:42:37.735root 11241100x8000000000000000259922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac67315b58e1b912023-02-08 09:42:37.735root 11241100x8000000000000000259921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04b1d1153959ab2023-02-08 09:42:37.735root 11241100x8000000000000000259939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784ff02fc8b73d52023-02-08 09:42:37.736root 11241100x8000000000000000259938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf842f44f63ebc22023-02-08 09:42:37.736root 11241100x8000000000000000259937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09398bd8e1e954382023-02-08 09:42:37.736root 11241100x8000000000000000259936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d87084f28f3bbee2023-02-08 09:42:37.736root 11241100x8000000000000000259942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5ef2de8420254d2023-02-08 09:42:38.089root 11241100x8000000000000000259941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf3d7d1244228f62023-02-08 09:42:38.089root 354300x8000000000000000259940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36694-false10.0.1.12-8000- 11241100x8000000000000000259949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57052b313df6c47b2023-02-08 09:42:38.090root 11241100x8000000000000000259948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9552ccc22dea6b2023-02-08 09:42:38.090root 11241100x8000000000000000259947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200128cba949e512023-02-08 09:42:38.090root 11241100x8000000000000000259946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f270ba4bca3692023-02-08 09:42:38.090root 11241100x8000000000000000259945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b7728a8cfbedf22023-02-08 09:42:38.090root 11241100x8000000000000000259944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd3cca681240d892023-02-08 09:42:38.090root 11241100x8000000000000000259943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a9e0f720012642023-02-08 09:42:38.090root 11241100x8000000000000000259952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56cc70ff97ac6e2023-02-08 09:42:38.091root 11241100x8000000000000000259951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabd1fa06b70a5102023-02-08 09:42:38.091root 11241100x8000000000000000259950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3965dc534dffd6ef2023-02-08 09:42:38.091root 11241100x8000000000000000259956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2041ae6b1065935b2023-02-08 09:42:38.092root 11241100x8000000000000000259955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8ddc032cc0a8922023-02-08 09:42:38.092root 11241100x8000000000000000259954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b7fa09e492f2b52023-02-08 09:42:38.092root 11241100x8000000000000000259953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddee129fd21a49a2023-02-08 09:42:38.092root 11241100x8000000000000000259960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61635a1d4a9669dc2023-02-08 09:42:38.093root 11241100x8000000000000000259959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1c573951c7106e2023-02-08 09:42:38.093root 11241100x8000000000000000259958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda0a990fd522cbf2023-02-08 09:42:38.093root 11241100x8000000000000000259957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96437cf1aa01e7c52023-02-08 09:42:38.093root 11241100x8000000000000000259963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffd1631c20c8d892023-02-08 09:42:38.094root 11241100x8000000000000000259962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9f0ad2d9d52c32023-02-08 09:42:38.094root 11241100x8000000000000000259961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b24ef2ab66d11952023-02-08 09:42:38.094root 11241100x8000000000000000259967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f032ec89d641a21f2023-02-08 09:42:38.095root 11241100x8000000000000000259966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88e51ef466c81a2023-02-08 09:42:38.095root 11241100x8000000000000000259965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424d6096691249782023-02-08 09:42:38.095root 11241100x8000000000000000259964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25916dd2595323472023-02-08 09:42:38.095root 11241100x8000000000000000259972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457373ab36faf7a2023-02-08 09:42:38.096root 11241100x8000000000000000259971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab9eed6597193ce2023-02-08 09:42:38.096root 11241100x8000000000000000259970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ece31f4c2aeed12023-02-08 09:42:38.096root 11241100x8000000000000000259969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007834735420e2032023-02-08 09:42:38.096root 11241100x8000000000000000259968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff163741ccc15722023-02-08 09:42:38.096root 11241100x8000000000000000259973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453085019bc60a582023-02-08 09:42:38.484root 11241100x8000000000000000259985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d44f496252c15a2023-02-08 09:42:38.485root 11241100x8000000000000000259984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18cf6970331eef2023-02-08 09:42:38.485root 11241100x8000000000000000259983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be94ff469a9438f72023-02-08 09:42:38.485root 11241100x8000000000000000259982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cade16a512f574c2023-02-08 09:42:38.485root 11241100x8000000000000000259981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283d7b7d48239b432023-02-08 09:42:38.485root 11241100x8000000000000000259980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5386eb92301256cb2023-02-08 09:42:38.485root 11241100x8000000000000000259979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bbef9cf0296e672023-02-08 09:42:38.485root 11241100x8000000000000000259978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c234f8fae741072023-02-08 09:42:38.485root 11241100x8000000000000000259977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd9c173f8df2bb2023-02-08 09:42:38.485root 11241100x8000000000000000259976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aef82f8d4f6a9d2023-02-08 09:42:38.485root 11241100x8000000000000000259975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542a38b4252fc1932023-02-08 09:42:38.485root 11241100x8000000000000000259974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d964e7168ccf0e2023-02-08 09:42:38.485root 11241100x8000000000000000259992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bdbde707c422a62023-02-08 09:42:38.486root 11241100x8000000000000000259991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b250451922092cf2023-02-08 09:42:38.486root 11241100x8000000000000000259990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb97817d89d83f2023-02-08 09:42:38.486root 11241100x8000000000000000259989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1468e893b42e61b2023-02-08 09:42:38.486root 11241100x8000000000000000259988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff633df445b16cb92023-02-08 09:42:38.486root 11241100x8000000000000000259987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8bf9d58754cd72023-02-08 09:42:38.486root 11241100x8000000000000000259986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b514b4a7c2cde2023-02-08 09:42:38.486root 11241100x8000000000000000259993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e849f8628378c92023-02-08 09:42:38.487root 11241100x8000000000000000259994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60d687b293813ba2023-02-08 09:42:38.984root 11241100x8000000000000000260004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a784512d79e4ca2023-02-08 09:42:38.985root 11241100x8000000000000000260003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094f1302da1c99b2023-02-08 09:42:38.985root 11241100x8000000000000000260002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327ca81e77e1dd242023-02-08 09:42:38.985root 11241100x8000000000000000260001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a404e57b8401862023-02-08 09:42:38.985root 11241100x8000000000000000260000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faabb6a5029304a22023-02-08 09:42:38.985root 11241100x8000000000000000259999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022157a5062825582023-02-08 09:42:38.985root 11241100x8000000000000000259998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7810536037821bc2023-02-08 09:42:38.985root 11241100x8000000000000000259997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432eca5f17b58cc82023-02-08 09:42:38.985root 11241100x8000000000000000259996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eef0743fcaa1752023-02-08 09:42:38.985root 11241100x8000000000000000259995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e474e87e4aa68b32023-02-08 09:42:38.985root 11241100x8000000000000000260014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c373da1c8826f7482023-02-08 09:42:38.986root 11241100x8000000000000000260013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835fe57d9477e8ef2023-02-08 09:42:38.986root 11241100x8000000000000000260012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0324119138d9e9c2023-02-08 09:42:38.986root 11241100x8000000000000000260011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95e5930190b439d2023-02-08 09:42:38.986root 11241100x8000000000000000260010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7e9267a4d05fd72023-02-08 09:42:38.986root 11241100x8000000000000000260009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72ca055d35250682023-02-08 09:42:38.986root 11241100x8000000000000000260008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8067997f402edf2023-02-08 09:42:38.986root 11241100x8000000000000000260007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f5dfc3cc3784f2023-02-08 09:42:38.986root 11241100x8000000000000000260006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b272a605b6be9a2023-02-08 09:42:38.986root 11241100x8000000000000000260005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782749a3b6f05da2023-02-08 09:42:38.986root 23542300x8000000000000000260015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000260022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99521b302f6aa2ba2023-02-08 09:42:39.366root 11241100x8000000000000000260021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8ce3c1779943862023-02-08 09:42:39.366root 11241100x8000000000000000260020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1f72ecd434c8b2023-02-08 09:42:39.366root 11241100x8000000000000000260019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8eef750b6716112023-02-08 09:42:39.366root 11241100x8000000000000000260018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef50021f484aaa2023-02-08 09:42:39.366root 11241100x8000000000000000260017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550c3018ad06f472023-02-08 09:42:39.366root 11241100x8000000000000000260016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5b6590145e9db2023-02-08 09:42:39.366root 11241100x8000000000000000260033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b2f79eae2df8fb2023-02-08 09:42:39.367root 11241100x8000000000000000260032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15b6a5c0dadd2c82023-02-08 09:42:39.367root 11241100x8000000000000000260031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33edc1b09b1b7ee12023-02-08 09:42:39.367root 11241100x8000000000000000260030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b6c861aa79c9b2023-02-08 09:42:39.367root 11241100x8000000000000000260029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eff7df98c4e082c2023-02-08 09:42:39.367root 11241100x8000000000000000260028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3410e8ee19d512023-02-08 09:42:39.367root 11241100x8000000000000000260027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6dea911c68e4802023-02-08 09:42:39.367root 11241100x8000000000000000260026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78354c22d911d3c12023-02-08 09:42:39.367root 11241100x8000000000000000260025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86318a99a5f9fb882023-02-08 09:42:39.367root 11241100x8000000000000000260024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff094146efa5f61f2023-02-08 09:42:39.367root 11241100x8000000000000000260023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8bb7939f4b44522023-02-08 09:42:39.367root 11241100x8000000000000000260040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a285005db95e5e42023-02-08 09:42:39.368root 11241100x8000000000000000260039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ef71721fd28c72023-02-08 09:42:39.368root 11241100x8000000000000000260038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8559f0695b090df72023-02-08 09:42:39.368root 11241100x8000000000000000260037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad4d2ae2d334d7f2023-02-08 09:42:39.368root 11241100x8000000000000000260036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715546d6361bfdd62023-02-08 09:42:39.368root 11241100x8000000000000000260035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657392f8d4b13732023-02-08 09:42:39.368root 11241100x8000000000000000260034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be530aafcf390192023-02-08 09:42:39.368root 11241100x8000000000000000260041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992deffc7ef65a092023-02-08 09:42:39.734root 11241100x8000000000000000260055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c685d6d3f718e7e82023-02-08 09:42:39.735root 11241100x8000000000000000260054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b405b62e97c983902023-02-08 09:42:39.735root 11241100x8000000000000000260053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bf62afc9ba6e432023-02-08 09:42:39.735root 11241100x8000000000000000260052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396da98a04b743172023-02-08 09:42:39.735root 11241100x8000000000000000260051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73738f97e9ab4c5e2023-02-08 09:42:39.735root 11241100x8000000000000000260050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e5bfa36a718062023-02-08 09:42:39.735root 11241100x8000000000000000260049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899cc6369e81c2a2023-02-08 09:42:39.735root 11241100x8000000000000000260048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17fbb4b0a377aa2023-02-08 09:42:39.735root 11241100x8000000000000000260047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62960490bd4cfb322023-02-08 09:42:39.735root 11241100x8000000000000000260046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077cd672f9b576e42023-02-08 09:42:39.735root 11241100x8000000000000000260045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64151404044720b2023-02-08 09:42:39.735root 11241100x8000000000000000260044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22638b6a0cec99c52023-02-08 09:42:39.735root 11241100x8000000000000000260043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8837e0ef06da898a2023-02-08 09:42:39.735root 11241100x8000000000000000260042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7922cd0cda7ffa12023-02-08 09:42:39.735root 11241100x8000000000000000260062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411b0f1ceb561ec32023-02-08 09:42:39.736root 11241100x8000000000000000260061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aeba6fc08c0c952023-02-08 09:42:39.736root 11241100x8000000000000000260060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2f35fd9f6f6f412023-02-08 09:42:39.736root 11241100x8000000000000000260059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70c2b3db16e7cd02023-02-08 09:42:39.736root 11241100x8000000000000000260058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e873ef5494c495e2023-02-08 09:42:39.736root 11241100x8000000000000000260057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11739491e52c1ad82023-02-08 09:42:39.736root 11241100x8000000000000000260056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9a1316c275add2023-02-08 09:42:39.736root 11241100x8000000000000000260063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0876a8cd463e8b6c2023-02-08 09:42:40.234root 11241100x8000000000000000260074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a2893601d738a62023-02-08 09:42:40.235root 11241100x8000000000000000260073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137de83dc89fd292023-02-08 09:42:40.235root 11241100x8000000000000000260072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1923a1cb7a0af5052023-02-08 09:42:40.235root 11241100x8000000000000000260071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cffe7ce53f45e12023-02-08 09:42:40.235root 11241100x8000000000000000260070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650dfb02cc080ee2023-02-08 09:42:40.235root 11241100x8000000000000000260069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631751523bab7a432023-02-08 09:42:40.235root 11241100x8000000000000000260068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73107fa7d237528b2023-02-08 09:42:40.235root 11241100x8000000000000000260067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ee4acdb9c5ceb2023-02-08 09:42:40.235root 11241100x8000000000000000260066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5375c103f4f4168a2023-02-08 09:42:40.235root 11241100x8000000000000000260065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6a4eeda42a5672023-02-08 09:42:40.235root 11241100x8000000000000000260064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b11a01f667661a12023-02-08 09:42:40.235root 11241100x8000000000000000260084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3e074163ac5f972023-02-08 09:42:40.236root 11241100x8000000000000000260083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0789d813174742023-02-08 09:42:40.236root 11241100x8000000000000000260082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab5a3c4975661d22023-02-08 09:42:40.236root 11241100x8000000000000000260081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d3f3c84d6d9ed2023-02-08 09:42:40.236root 11241100x8000000000000000260080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7f13895392d9d2023-02-08 09:42:40.236root 11241100x8000000000000000260079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaeb6e4d46027e82023-02-08 09:42:40.236root 11241100x8000000000000000260078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f000afe99df8f2023-02-08 09:42:40.236root 11241100x8000000000000000260077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4176ca87b1c55d2023-02-08 09:42:40.236root 11241100x8000000000000000260076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a87d084b4d9f42023-02-08 09:42:40.236root 11241100x8000000000000000260075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e78211bc8ff6a512023-02-08 09:42:40.236root 11241100x8000000000000000260090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9675fc0ba29308c2023-02-08 09:42:40.734root 11241100x8000000000000000260089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18163aaa96d38dcc2023-02-08 09:42:40.734root 11241100x8000000000000000260088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e8ec11269d5e352023-02-08 09:42:40.734root 11241100x8000000000000000260087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d990d22bbcc2a2023-02-08 09:42:40.734root 11241100x8000000000000000260086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940ad87dad0cc6112023-02-08 09:42:40.734root 11241100x8000000000000000260085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ed780203a6a762023-02-08 09:42:40.734root 11241100x8000000000000000260105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d181db2e416fc2023-02-08 09:42:40.735root 11241100x8000000000000000260104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715556716e8f9ff12023-02-08 09:42:40.735root 11241100x8000000000000000260103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5aabfac46f3af22023-02-08 09:42:40.735root 11241100x8000000000000000260102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7729d74d799fb32023-02-08 09:42:40.735root 11241100x8000000000000000260101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd1c944dc049de2023-02-08 09:42:40.735root 11241100x8000000000000000260100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5116cc0f67c782023-02-08 09:42:40.735root 11241100x8000000000000000260099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d8beb5404bcb12023-02-08 09:42:40.735root 11241100x8000000000000000260098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00ebeddd06299dc2023-02-08 09:42:40.735root 11241100x8000000000000000260097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f6fce31ee876452023-02-08 09:42:40.735root 11241100x8000000000000000260096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a4a42f8de5e6392023-02-08 09:42:40.735root 11241100x8000000000000000260095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a052f101aaf72b82023-02-08 09:42:40.735root 11241100x8000000000000000260094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd65a3f42bede62023-02-08 09:42:40.735root 11241100x8000000000000000260093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25dd365680489f32023-02-08 09:42:40.735root 11241100x8000000000000000260092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44929931bb69972b2023-02-08 09:42:40.735root 11241100x8000000000000000260091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818aad3e4ccbe7df2023-02-08 09:42:40.735root 11241100x8000000000000000260106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e6ab30516675f42023-02-08 09:42:40.736root 11241100x8000000000000000260113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e53148cc76235022023-02-08 09:42:41.235root 11241100x8000000000000000260112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee0e3fc8411c76e2023-02-08 09:42:41.235root 11241100x8000000000000000260111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85506c3977536b192023-02-08 09:42:41.235root 11241100x8000000000000000260110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ca3a1316f6f3172023-02-08 09:42:41.235root 11241100x8000000000000000260109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4dcb84673fe7d2023-02-08 09:42:41.235root 11241100x8000000000000000260108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f57bc46a22ef342023-02-08 09:42:41.235root 11241100x8000000000000000260107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e709689a12f90812023-02-08 09:42:41.235root 11241100x8000000000000000260122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7612ae2f96b2c0b72023-02-08 09:42:41.236root 11241100x8000000000000000260121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787899f56203e7f2023-02-08 09:42:41.236root 11241100x8000000000000000260120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc94a35ebede7cd2023-02-08 09:42:41.236root 11241100x8000000000000000260119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c8964da73cd85b2023-02-08 09:42:41.236root 11241100x8000000000000000260118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b1fb2589a1ffd2023-02-08 09:42:41.236root 11241100x8000000000000000260117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874e17d80062b31b2023-02-08 09:42:41.236root 11241100x8000000000000000260116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74f9a2caf31156a2023-02-08 09:42:41.236root 11241100x8000000000000000260115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563335214123543f2023-02-08 09:42:41.236root 11241100x8000000000000000260114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1356cff8f3bb3e2023-02-08 09:42:41.236root 11241100x8000000000000000260128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8ac119de1a2a02023-02-08 09:42:41.237root 11241100x8000000000000000260127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbf4ebb68ea50382023-02-08 09:42:41.237root 11241100x8000000000000000260126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4145043d06cde7ab2023-02-08 09:42:41.237root 11241100x8000000000000000260125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755d81a76c5afdcd2023-02-08 09:42:41.237root 11241100x8000000000000000260124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c60221b8bd5fbc32023-02-08 09:42:41.237root 11241100x8000000000000000260123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a321503732f33ff62023-02-08 09:42:41.237root 11241100x8000000000000000260129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1b682effbf9572023-02-08 09:42:41.734root 11241100x8000000000000000260134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c08e30d226c7cf72023-02-08 09:42:41.735root 11241100x8000000000000000260133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c9888b565c2fb82023-02-08 09:42:41.735root 11241100x8000000000000000260132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8987e292c468c22023-02-08 09:42:41.735root 11241100x8000000000000000260131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01586367a960c2742023-02-08 09:42:41.735root 11241100x8000000000000000260130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b87ba579eb5822023-02-08 09:42:41.735root 11241100x8000000000000000260138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dcbf898b8449e72023-02-08 09:42:41.736root 11241100x8000000000000000260137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d10cfb768e6f4f2023-02-08 09:42:41.736root 11241100x8000000000000000260136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b758be0d8fafcc12023-02-08 09:42:41.736root 11241100x8000000000000000260135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b39cd8812f4fc832023-02-08 09:42:41.736root 11241100x8000000000000000260147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36f183eef0812522023-02-08 09:42:41.737root 11241100x8000000000000000260146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056fd34a74d5e162023-02-08 09:42:41.737root 11241100x8000000000000000260145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eebbd3a81ad22c2023-02-08 09:42:41.737root 11241100x8000000000000000260144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8e958c1f9349562023-02-08 09:42:41.737root 11241100x8000000000000000260143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4917e1081a0d832023-02-08 09:42:41.737root 11241100x8000000000000000260142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a3afff830073292023-02-08 09:42:41.737root 11241100x8000000000000000260141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde330c4781063632023-02-08 09:42:41.737root 11241100x8000000000000000260140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838caf7c1120a5ab2023-02-08 09:42:41.737root 11241100x8000000000000000260139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4727df72766ea62023-02-08 09:42:41.737root 11241100x8000000000000000260150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f38fd035303a0872023-02-08 09:42:41.738root 11241100x8000000000000000260149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1d00d6d0a9bce82023-02-08 09:42:41.738root 11241100x8000000000000000260148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d164819dcf5f0682023-02-08 09:42:41.738root 11241100x8000000000000000260152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7fe74c43439c42023-02-08 09:42:42.234root 11241100x8000000000000000260151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58698f7badb540572023-02-08 09:42:42.234root 11241100x8000000000000000260163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb78626314863e2023-02-08 09:42:42.235root 11241100x8000000000000000260162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be240bf33a4751de2023-02-08 09:42:42.235root 11241100x8000000000000000260161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb97336ab364c52023-02-08 09:42:42.235root 11241100x8000000000000000260160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450910101eeb67b62023-02-08 09:42:42.235root 11241100x8000000000000000260159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8be3e12cdc37bf02023-02-08 09:42:42.235root 11241100x8000000000000000260158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9710d9be94e11b032023-02-08 09:42:42.235root 11241100x8000000000000000260157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5810b0b285a9e902023-02-08 09:42:42.235root 11241100x8000000000000000260156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c7cab2814439092023-02-08 09:42:42.235root 11241100x8000000000000000260155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a8481ed736b9c2023-02-08 09:42:42.235root 11241100x8000000000000000260154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2911c9d8a8ac02023-02-08 09:42:42.235root 11241100x8000000000000000260153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2fa0ea46f8745b2023-02-08 09:42:42.235root 11241100x8000000000000000260172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf67d632cb9868d92023-02-08 09:42:42.236root 11241100x8000000000000000260171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f09921600111402023-02-08 09:42:42.236root 11241100x8000000000000000260170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e421efd4631ed2023-02-08 09:42:42.236root 11241100x8000000000000000260169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bb7c034d979ccc2023-02-08 09:42:42.236root 11241100x8000000000000000260168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d373cc7aa3dd792023-02-08 09:42:42.236root 11241100x8000000000000000260167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66bbe24ed9fd232023-02-08 09:42:42.236root 11241100x8000000000000000260166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26595f885054c1ae2023-02-08 09:42:42.236root 11241100x8000000000000000260165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ab92eb36186372023-02-08 09:42:42.236root 11241100x8000000000000000260164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30f7c9961d555b2023-02-08 09:42:42.236root 11241100x8000000000000000260176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2942181565bba2a2023-02-08 09:42:42.734root 11241100x8000000000000000260175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e47a2c07cee7a72023-02-08 09:42:42.734root 11241100x8000000000000000260174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ce5b13ca18ab52023-02-08 09:42:42.734root 11241100x8000000000000000260173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b12b9bf46984bc2023-02-08 09:42:42.734root 11241100x8000000000000000260191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6b6731047db7a42023-02-08 09:42:42.735root 11241100x8000000000000000260190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09dd1cc842f5dbb2023-02-08 09:42:42.735root 11241100x8000000000000000260189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb2b8ec95f34f92023-02-08 09:42:42.735root 11241100x8000000000000000260188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3838d1395d53d002023-02-08 09:42:42.735root 11241100x8000000000000000260187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a954e0ace97ce32023-02-08 09:42:42.735root 11241100x8000000000000000260186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73f2f59bf5f4862023-02-08 09:42:42.735root 11241100x8000000000000000260185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186598047c1a3dc2023-02-08 09:42:42.735root 11241100x8000000000000000260184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e529acd54da312023-02-08 09:42:42.735root 11241100x8000000000000000260183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b845c0d4aeeec05f2023-02-08 09:42:42.735root 11241100x8000000000000000260182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38fe88a169c7db12023-02-08 09:42:42.735root 11241100x8000000000000000260181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde13f85b85e84c72023-02-08 09:42:42.735root 11241100x8000000000000000260180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbee148c8198700e2023-02-08 09:42:42.735root 11241100x8000000000000000260179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc8e304a45635e2023-02-08 09:42:42.735root 11241100x8000000000000000260178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fa91bc20fb47492023-02-08 09:42:42.735root 11241100x8000000000000000260177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd0791ad5f868832023-02-08 09:42:42.735root 11241100x8000000000000000260194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be086a1ea02c49202023-02-08 09:42:42.736root 11241100x8000000000000000260193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e0bb7f9370d3542023-02-08 09:42:42.736root 11241100x8000000000000000260192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c74aeab9ffc1df2023-02-08 09:42:42.736root 11241100x8000000000000000260196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d05033cd77781b2023-02-08 09:42:43.169root 354300x8000000000000000260195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.169{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36698-false10.0.1.12-8000- 11241100x8000000000000000260209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcacbb5fa627adf2023-02-08 09:42:43.170root 11241100x8000000000000000260208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bf156b3966051c2023-02-08 09:42:43.170root 11241100x8000000000000000260207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5e0c4289dc02c92023-02-08 09:42:43.170root 11241100x8000000000000000260206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a957aaa4a6153c2023-02-08 09:42:43.170root 11241100x8000000000000000260205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce357cefe630c9a2023-02-08 09:42:43.170root 11241100x8000000000000000260204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59bb9df65ab1ab72023-02-08 09:42:43.170root 11241100x8000000000000000260203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e75e67dba586df2023-02-08 09:42:43.170root 11241100x8000000000000000260202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78939b1cdd2e95512023-02-08 09:42:43.170root 11241100x8000000000000000260201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8324afcc4a47ba822023-02-08 09:42:43.170root 11241100x8000000000000000260200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563cd6030f0c43b82023-02-08 09:42:43.170root 11241100x8000000000000000260199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5b4b922c53964b2023-02-08 09:42:43.170root 11241100x8000000000000000260198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b258d987faf4a2023-02-08 09:42:43.170root 11241100x8000000000000000260197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f91468ab4547c82023-02-08 09:42:43.170root 11241100x8000000000000000260221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61169c4bd804d22023-02-08 09:42:43.171root 11241100x8000000000000000260220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545d6f498d40a572023-02-08 09:42:43.171root 11241100x8000000000000000260219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7fd018f5392ad2023-02-08 09:42:43.171root 11241100x8000000000000000260218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13777ab1e2c653252023-02-08 09:42:43.171root 11241100x8000000000000000260217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78b3960d93dde12023-02-08 09:42:43.171root 11241100x8000000000000000260216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae1ebc7fdef0162023-02-08 09:42:43.171root 11241100x8000000000000000260215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4113b529c5f5cb242023-02-08 09:42:43.171root 11241100x8000000000000000260214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8661bec496c641152023-02-08 09:42:43.171root 11241100x8000000000000000260213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d8b14e45edca42023-02-08 09:42:43.171root 11241100x8000000000000000260212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46b794977ee99b72023-02-08 09:42:43.171root 11241100x8000000000000000260211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9682c3ac1a32f2023-02-08 09:42:43.171root 11241100x8000000000000000260210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1a5ef04a196b062023-02-08 09:42:43.171root 11241100x8000000000000000260225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66786982ff36f6b2023-02-08 09:42:43.172root 11241100x8000000000000000260224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e2166aa4603172023-02-08 09:42:43.172root 11241100x8000000000000000260223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915e3b50699fb40a2023-02-08 09:42:43.172root 11241100x8000000000000000260222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568c17e23d7a2702023-02-08 09:42:43.172root 11241100x8000000000000000260226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f960e98361be9d82023-02-08 09:42:43.484root 11241100x8000000000000000260235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f701e05afb6e12023-02-08 09:42:43.485root 11241100x8000000000000000260234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b27c8035b933552023-02-08 09:42:43.485root 11241100x8000000000000000260233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdcd9c232b586632023-02-08 09:42:43.485root 11241100x8000000000000000260232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b5f9479eb72abe2023-02-08 09:42:43.485root 11241100x8000000000000000260231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdc6e1ea74083b92023-02-08 09:42:43.485root 11241100x8000000000000000260230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c5e6be2d9e29d2023-02-08 09:42:43.485root 11241100x8000000000000000260229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d701efe2153cd38e2023-02-08 09:42:43.485root 11241100x8000000000000000260228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1561e1b515712ea2023-02-08 09:42:43.485root 11241100x8000000000000000260227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdf64b014311102023-02-08 09:42:43.485root 11241100x8000000000000000260247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55693b399c4b01ad2023-02-08 09:42:43.486root 11241100x8000000000000000260246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af041aaeebfdc9b42023-02-08 09:42:43.486root 11241100x8000000000000000260245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa322fd0c0437d2023-02-08 09:42:43.486root 11241100x8000000000000000260244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612654a8c8aa7a8f2023-02-08 09:42:43.486root 11241100x8000000000000000260243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d8f530330551e92023-02-08 09:42:43.486root 11241100x8000000000000000260242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b624460a2c0b302023-02-08 09:42:43.486root 11241100x8000000000000000260241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc8c25ca3085622023-02-08 09:42:43.486root 11241100x8000000000000000260240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f5799d508e9022023-02-08 09:42:43.486root 11241100x8000000000000000260239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94823b650be8cc7a2023-02-08 09:42:43.486root 11241100x8000000000000000260238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1eab1dedfe6762023-02-08 09:42:43.486root 11241100x8000000000000000260237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa49357bdb2746332023-02-08 09:42:43.486root 11241100x8000000000000000260236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee99e3d34dd21892023-02-08 09:42:43.486root 11241100x8000000000000000260248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35873320bb2f9c942023-02-08 09:42:43.487root 11241100x8000000000000000260249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3672c4f790e2b2023-02-08 09:42:43.984root 11241100x8000000000000000260261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92ab538b9595f52023-02-08 09:42:43.985root 11241100x8000000000000000260260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bea82e40260ee2023-02-08 09:42:43.985root 11241100x8000000000000000260259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c4a7faa8cebe9e2023-02-08 09:42:43.985root 11241100x8000000000000000260258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3318be105251f62023-02-08 09:42:43.985root 11241100x8000000000000000260257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af3dd34f25f39f2023-02-08 09:42:43.985root 11241100x8000000000000000260256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258eb94264bd683b2023-02-08 09:42:43.985root 11241100x8000000000000000260255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda38edb9fc36b992023-02-08 09:42:43.985root 11241100x8000000000000000260254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964153450f156832023-02-08 09:42:43.985root 11241100x8000000000000000260253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba90a59533dbdc392023-02-08 09:42:43.985root 11241100x8000000000000000260252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c9f13d01e0f2b2023-02-08 09:42:43.985root 11241100x8000000000000000260251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c613ba5262bc6b22023-02-08 09:42:43.985root 11241100x8000000000000000260250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b9cc34a28e63052023-02-08 09:42:43.985root 11241100x8000000000000000260271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c1f6470317b1d2023-02-08 09:42:43.986root 11241100x8000000000000000260270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bdb53e077b4b72023-02-08 09:42:43.986root 11241100x8000000000000000260269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc235201c984a5bc2023-02-08 09:42:43.986root 11241100x8000000000000000260268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b98508972a07462023-02-08 09:42:43.986root 11241100x8000000000000000260267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b15f2218e4f0972023-02-08 09:42:43.986root 11241100x8000000000000000260266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf48c8d75a3c9942023-02-08 09:42:43.986root 11241100x8000000000000000260265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3468edc0d63bb2023-02-08 09:42:43.986root 11241100x8000000000000000260264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a32d1b11478ae552023-02-08 09:42:43.986root 11241100x8000000000000000260263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250069e2334f21a02023-02-08 09:42:43.986root 11241100x8000000000000000260262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74133a70fb032852023-02-08 09:42:43.986root 11241100x8000000000000000260272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585d5652246ab9a2023-02-08 09:42:44.484root 11241100x8000000000000000260285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65216b33a5c434fd2023-02-08 09:42:44.485root 11241100x8000000000000000260284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1901e8002334e2023-02-08 09:42:44.485root 11241100x8000000000000000260283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68adc8b4c9001a412023-02-08 09:42:44.485root 11241100x8000000000000000260282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe2fa32dcbd49572023-02-08 09:42:44.485root 11241100x8000000000000000260281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b8ba74abf66172023-02-08 09:42:44.485root 11241100x8000000000000000260280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a577399d4801a622023-02-08 09:42:44.485root 11241100x8000000000000000260279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edc474c8eb370a22023-02-08 09:42:44.485root 11241100x8000000000000000260278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22f1cc9e316f972023-02-08 09:42:44.485root 11241100x8000000000000000260277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf8c8cec81db3262023-02-08 09:42:44.485root 11241100x8000000000000000260276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e481590932f0e92023-02-08 09:42:44.485root 11241100x8000000000000000260275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1628548c69c58ab2023-02-08 09:42:44.485root 11241100x8000000000000000260274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b11e8f352ddbb1c2023-02-08 09:42:44.485root 11241100x8000000000000000260273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b869b9b6bc51c2023-02-08 09:42:44.485root 11241100x8000000000000000260294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ebda3108da7b02023-02-08 09:42:44.486root 11241100x8000000000000000260293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae2c556377413d2023-02-08 09:42:44.486root 11241100x8000000000000000260292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea90a482468ed62023-02-08 09:42:44.486root 11241100x8000000000000000260291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd64c0025905e4c2023-02-08 09:42:44.486root 11241100x8000000000000000260290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f7b71d51420fb2023-02-08 09:42:44.486root 11241100x8000000000000000260289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117a7a5096f14872023-02-08 09:42:44.486root 11241100x8000000000000000260288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6afa89b78e96d422023-02-08 09:42:44.486root 11241100x8000000000000000260287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc7b658406a4e22023-02-08 09:42:44.486root 11241100x8000000000000000260286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a6e99e0a7a563b2023-02-08 09:42:44.486root 11241100x8000000000000000260299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9463270a4213f43e2023-02-08 09:42:44.984root 11241100x8000000000000000260298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9274a63ff8fcf2023-02-08 09:42:44.984root 11241100x8000000000000000260297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d2090d34fc82c62023-02-08 09:42:44.984root 11241100x8000000000000000260296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e2f8ffb6938b12023-02-08 09:42:44.984root 11241100x8000000000000000260295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e85dd1084984a62023-02-08 09:42:44.984root 11241100x8000000000000000260303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb12cfffe10a85ac2023-02-08 09:42:44.985root 11241100x8000000000000000260302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba652aa57289d42023-02-08 09:42:44.985root 11241100x8000000000000000260301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3a43c6f376cf042023-02-08 09:42:44.985root 11241100x8000000000000000260300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6149d7c6785f40a62023-02-08 09:42:44.985root 11241100x8000000000000000260313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aab954d49275ec2023-02-08 09:42:44.986root 11241100x8000000000000000260312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c480233ba1acb7dc2023-02-08 09:42:44.986root 11241100x8000000000000000260311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060ef28ae6bae4d2023-02-08 09:42:44.986root 11241100x8000000000000000260310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f9b3114eded1852023-02-08 09:42:44.986root 11241100x8000000000000000260309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0dd4416f1508592023-02-08 09:42:44.986root 11241100x8000000000000000260308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0007ab0b557ab992023-02-08 09:42:44.986root 11241100x8000000000000000260307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa826bb5798554802023-02-08 09:42:44.986root 11241100x8000000000000000260306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa23061abb24babe2023-02-08 09:42:44.986root 11241100x8000000000000000260305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7020a5efec4203c2023-02-08 09:42:44.986root 11241100x8000000000000000260304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a897bcdd050652023-02-08 09:42:44.986root 11241100x8000000000000000260317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db857e7c33a78dfb2023-02-08 09:42:44.987root 11241100x8000000000000000260316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136757afa9db42162023-02-08 09:42:44.987root 11241100x8000000000000000260315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab41c46552dcc6d52023-02-08 09:42:44.987root 11241100x8000000000000000260314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d518c509678bb12023-02-08 09:42:44.987root 11241100x8000000000000000260325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb12340e44825f542023-02-08 09:42:45.484root 11241100x8000000000000000260324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ea5dc48a66c542023-02-08 09:42:45.484root 11241100x8000000000000000260323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0c0f651b9a4082023-02-08 09:42:45.484root 11241100x8000000000000000260322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213b0be46af73e3d2023-02-08 09:42:45.484root 11241100x8000000000000000260321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37880efd6b837d442023-02-08 09:42:45.484root 11241100x8000000000000000260320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0cdac82acbf962023-02-08 09:42:45.484root 11241100x8000000000000000260319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1cf076a77e5572023-02-08 09:42:45.484root 11241100x8000000000000000260318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49236be9b423182023-02-08 09:42:45.484root 11241100x8000000000000000260333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c81293f64a045c82023-02-08 09:42:45.485root 11241100x8000000000000000260332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c43da4463dc7932023-02-08 09:42:45.485root 11241100x8000000000000000260331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4bbbd409d820e2023-02-08 09:42:45.485root 11241100x8000000000000000260330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef13e343d2015032023-02-08 09:42:45.485root 11241100x8000000000000000260329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c693d8eb096d602023-02-08 09:42:45.485root 11241100x8000000000000000260328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47898e398bc899e2023-02-08 09:42:45.485root 11241100x8000000000000000260327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6900f71b03b198712023-02-08 09:42:45.485root 11241100x8000000000000000260326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bbdde011ccaaa82023-02-08 09:42:45.485root 11241100x8000000000000000260334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3bc21aaa0331d82023-02-08 09:42:45.486root 11241100x8000000000000000260340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db18649775382672023-02-08 09:42:45.488root 11241100x8000000000000000260339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601298c9d4b2ac152023-02-08 09:42:45.488root 11241100x8000000000000000260338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80009ec9ff53f752023-02-08 09:42:45.488root 11241100x8000000000000000260337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8863a21cb4b64de82023-02-08 09:42:45.488root 11241100x8000000000000000260336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4263ce1fd06fbd932023-02-08 09:42:45.488root 11241100x8000000000000000260335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e42f260c5848192023-02-08 09:42:45.488root 11241100x8000000000000000260346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb5edc575f24752023-02-08 09:42:45.984root 11241100x8000000000000000260345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8107664f39c3cb0f2023-02-08 09:42:45.984root 11241100x8000000000000000260344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceace8d06e04d3f12023-02-08 09:42:45.984root 11241100x8000000000000000260343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bca6bebabaadbb2023-02-08 09:42:45.984root 11241100x8000000000000000260342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43180746663126892023-02-08 09:42:45.984root 11241100x8000000000000000260341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d022abecfa2dad2023-02-08 09:42:45.984root 11241100x8000000000000000260354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffbab575b7caf292023-02-08 09:42:45.985root 11241100x8000000000000000260353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4adbdd1df7f8ca2023-02-08 09:42:45.985root 11241100x8000000000000000260352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b0c3f0f5307f02023-02-08 09:42:45.985root 11241100x8000000000000000260351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a9ce10af2d9ea2023-02-08 09:42:45.985root 11241100x8000000000000000260350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21ee5e97556def82023-02-08 09:42:45.985root 11241100x8000000000000000260349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de99ec689ff74fc2023-02-08 09:42:45.985root 11241100x8000000000000000260348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81acdc7e3032bc72023-02-08 09:42:45.985root 11241100x8000000000000000260347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792d3346565fad902023-02-08 09:42:45.985root 11241100x8000000000000000260363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99c76bfccc72f32023-02-08 09:42:45.986root 11241100x8000000000000000260362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a00008ae25ce4a2023-02-08 09:42:45.986root 11241100x8000000000000000260361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d15db79aded312023-02-08 09:42:45.986root 11241100x8000000000000000260360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85a1290b66e7742023-02-08 09:42:45.986root 11241100x8000000000000000260359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4a24e266955fc22023-02-08 09:42:45.986root 11241100x8000000000000000260358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ff08c1e858b802023-02-08 09:42:45.986root 11241100x8000000000000000260357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81b8eb38a1aada42023-02-08 09:42:45.986root 11241100x8000000000000000260356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7326ca63df859ef2023-02-08 09:42:45.986root 11241100x8000000000000000260355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291ffe80d7d03ce32023-02-08 09:42:45.986root 11241100x8000000000000000260369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6365d7335038b2023-02-08 09:42:46.484root 11241100x8000000000000000260368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221144e4b0c7ea382023-02-08 09:42:46.484root 11241100x8000000000000000260367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15086873c1adc8c42023-02-08 09:42:46.484root 11241100x8000000000000000260366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8f7fa96c7fcf632023-02-08 09:42:46.484root 11241100x8000000000000000260365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17cd41d5f615dbb2023-02-08 09:42:46.484root 11241100x8000000000000000260364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c379ca1f37853d3d2023-02-08 09:42:46.484root 11241100x8000000000000000260375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b15659aabee8ea2023-02-08 09:42:46.485root 11241100x8000000000000000260374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6045aca8a43882302023-02-08 09:42:46.485root 11241100x8000000000000000260373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90701b28cbb97da62023-02-08 09:42:46.485root 11241100x8000000000000000260372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a282f9bb1a7c7aa2023-02-08 09:42:46.485root 11241100x8000000000000000260371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0f0bd83c81c2f2023-02-08 09:42:46.485root 11241100x8000000000000000260370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb91e09f336e7d32023-02-08 09:42:46.485root 11241100x8000000000000000260379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3234fe7d03089202023-02-08 09:42:46.486root 11241100x8000000000000000260378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647a6fab5d6f45c2023-02-08 09:42:46.486root 11241100x8000000000000000260377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f83f153c2f746d72023-02-08 09:42:46.486root 11241100x8000000000000000260376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6591cf8f8e77ec2023-02-08 09:42:46.486root 11241100x8000000000000000260382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82869f90399b2b62023-02-08 09:42:46.487root 11241100x8000000000000000260381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d13e7b68810e082023-02-08 09:42:46.487root 11241100x8000000000000000260380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4d37a2654812c2023-02-08 09:42:46.487root 11241100x8000000000000000260386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690db9f0688ddb6e2023-02-08 09:42:46.488root 11241100x8000000000000000260385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308dba37187c1402023-02-08 09:42:46.488root 11241100x8000000000000000260384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d5bbf1e561d682023-02-08 09:42:46.488root 11241100x8000000000000000260383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b985b28e04943cdd2023-02-08 09:42:46.488root 11241100x8000000000000000260393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311ccee5e6976d4a2023-02-08 09:42:46.984root 11241100x8000000000000000260392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe2f6beb52b0c12023-02-08 09:42:46.984root 11241100x8000000000000000260391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484d3e990360c1a2023-02-08 09:42:46.984root 11241100x8000000000000000260390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcad83855ec98aca2023-02-08 09:42:46.984root 11241100x8000000000000000260389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec57264f66144892023-02-08 09:42:46.984root 11241100x8000000000000000260388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dbde20a18ce3e22023-02-08 09:42:46.984root 11241100x8000000000000000260387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaac12ac7ed13812023-02-08 09:42:46.984root 11241100x8000000000000000260399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa15d84584952372023-02-08 09:42:46.985root 11241100x8000000000000000260398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f6be1b772d6742023-02-08 09:42:46.985root 11241100x8000000000000000260397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f210fa13732a322023-02-08 09:42:46.985root 11241100x8000000000000000260396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c67675db0bbbda2023-02-08 09:42:46.985root 11241100x8000000000000000260395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c838a1efe4b785e2023-02-08 09:42:46.985root 11241100x8000000000000000260394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee6ceaa3c1fb132023-02-08 09:42:46.985root 11241100x8000000000000000260405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e7869b14a0c6ab2023-02-08 09:42:46.986root 11241100x8000000000000000260404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df071bf1a3ea6d2023-02-08 09:42:46.986root 11241100x8000000000000000260403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5e34886781a8ad2023-02-08 09:42:46.986root 11241100x8000000000000000260402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c37f8a77a5f8252023-02-08 09:42:46.986root 11241100x8000000000000000260401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e1979dd8163ba52023-02-08 09:42:46.986root 11241100x8000000000000000260400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130d5a96f9c387ff2023-02-08 09:42:46.986root 11241100x8000000000000000260412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfdd1d4a9c8fb0f2023-02-08 09:42:46.987root 11241100x8000000000000000260411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b805e983df48c62023-02-08 09:42:46.987root 11241100x8000000000000000260410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56b01d8d6d2cbee2023-02-08 09:42:46.987root 11241100x8000000000000000260409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c886fc03925882023-02-08 09:42:46.987root 11241100x8000000000000000260408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc74be3432870ea22023-02-08 09:42:46.987root 11241100x8000000000000000260407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbbcec62cd808cb2023-02-08 09:42:46.987root 11241100x8000000000000000260406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14c34d3d5284c5a2023-02-08 09:42:46.987root 11241100x8000000000000000260416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d92e295d55858d72023-02-08 09:42:46.988root 11241100x8000000000000000260415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6943cb93019452023-02-08 09:42:46.988root 11241100x8000000000000000260414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5d82ec86c8d55b2023-02-08 09:42:46.988root 11241100x8000000000000000260413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f86c2a0c40f98c2023-02-08 09:42:46.988root 11241100x8000000000000000260419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db880555f0386d9e2023-02-08 09:42:47.484root 11241100x8000000000000000260418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423001eaedd009642023-02-08 09:42:47.484root 11241100x8000000000000000260417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27d106ee5795d92023-02-08 09:42:47.484root 11241100x8000000000000000260423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e7db87d532c9f2023-02-08 09:42:47.485root 11241100x8000000000000000260422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2ba55d29839552023-02-08 09:42:47.485root 11241100x8000000000000000260421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47592b0d56f38572023-02-08 09:42:47.485root 11241100x8000000000000000260420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b4db069ff34cb42023-02-08 09:42:47.485root 11241100x8000000000000000260429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706b0d11347634bb2023-02-08 09:42:47.486root 11241100x8000000000000000260428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c846d30ad1d0fd2023-02-08 09:42:47.486root 11241100x8000000000000000260427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d63678a551cdb82023-02-08 09:42:47.486root 11241100x8000000000000000260426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57cd5755aeb40c82023-02-08 09:42:47.486root 11241100x8000000000000000260425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e3cbb0434b68d2023-02-08 09:42:47.486root 11241100x8000000000000000260424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eedabd8fa543b02023-02-08 09:42:47.486root 11241100x8000000000000000260434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d231a394692df6542023-02-08 09:42:47.487root 11241100x8000000000000000260433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19a4293f33ca4d32023-02-08 09:42:47.487root 11241100x8000000000000000260432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db29f48ae349e5a2023-02-08 09:42:47.487root 11241100x8000000000000000260431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f5a16b713f72d42023-02-08 09:42:47.487root 11241100x8000000000000000260430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0f324366e44c732023-02-08 09:42:47.487root 11241100x8000000000000000260439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2039d1129470af0d2023-02-08 09:42:47.488root 11241100x8000000000000000260438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27853815a88998a92023-02-08 09:42:47.488root 11241100x8000000000000000260437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb63f6fb3347548f2023-02-08 09:42:47.488root 11241100x8000000000000000260436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e7b07b89ee11d42023-02-08 09:42:47.488root 11241100x8000000000000000260435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc49a728bd63852023-02-08 09:42:47.488root 11241100x8000000000000000260446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f7f36ce83d5492023-02-08 09:42:47.984root 11241100x8000000000000000260445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933403c881c510fc2023-02-08 09:42:47.984root 11241100x8000000000000000260444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3e9ffe486374d02023-02-08 09:42:47.984root 11241100x8000000000000000260443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096b66ce3f8d36482023-02-08 09:42:47.984root 11241100x8000000000000000260442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da4d8333ad77ac2023-02-08 09:42:47.984root 11241100x8000000000000000260441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd956dc5b74103122023-02-08 09:42:47.984root 11241100x8000000000000000260440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088373ede2472ce82023-02-08 09:42:47.984root 11241100x8000000000000000260456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16223a39f50b6f2023-02-08 09:42:47.985root 11241100x8000000000000000260455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdad9a18fdb6a62023-02-08 09:42:47.985root 11241100x8000000000000000260454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d9e8919dd5f1e2023-02-08 09:42:47.985root 11241100x8000000000000000260453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa1fe5c985e6ef2023-02-08 09:42:47.985root 11241100x8000000000000000260452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0a04991a5a46b2023-02-08 09:42:47.985root 11241100x8000000000000000260451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a999088865b6f46e2023-02-08 09:42:47.985root 11241100x8000000000000000260450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed956f8d8143fa62023-02-08 09:42:47.985root 11241100x8000000000000000260449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffaa196d383eda2023-02-08 09:42:47.985root 11241100x8000000000000000260448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae982fe6c031822023-02-08 09:42:47.985root 11241100x8000000000000000260447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdd7c929061901c2023-02-08 09:42:47.985root 11241100x8000000000000000260464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17331883f7e06512023-02-08 09:42:47.986root 11241100x8000000000000000260463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3a7e3c55336d92023-02-08 09:42:47.986root 11241100x8000000000000000260462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44184935fa0202242023-02-08 09:42:47.986root 11241100x8000000000000000260461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa2785ba1c17282023-02-08 09:42:47.986root 11241100x8000000000000000260460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4275c43caca9bab2023-02-08 09:42:47.986root 11241100x8000000000000000260459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d56e23cddd4862023-02-08 09:42:47.986root 11241100x8000000000000000260458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b549facedb429cc2023-02-08 09:42:47.986root 11241100x8000000000000000260457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d0d88b30c14c72023-02-08 09:42:47.986root 354300x8000000000000000260465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.187{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42272-false10.0.1.12-8000- 11241100x8000000000000000260472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362980fe08c9ab8d2023-02-08 09:42:48.484root 11241100x8000000000000000260471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f0601481cf9362023-02-08 09:42:48.484root 11241100x8000000000000000260470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c078dd8d72004f2023-02-08 09:42:48.484root 11241100x8000000000000000260469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2970fc36ac4cd22023-02-08 09:42:48.484root 11241100x8000000000000000260468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19abada4c52cbe22023-02-08 09:42:48.484root 11241100x8000000000000000260467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93d4ed7075f1dc72023-02-08 09:42:48.484root 11241100x8000000000000000260466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c147ba1a926b892023-02-08 09:42:48.484root 11241100x8000000000000000260485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6ad2ebff3886b92023-02-08 09:42:48.485root 11241100x8000000000000000260484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a01f53c910b1fd2023-02-08 09:42:48.485root 11241100x8000000000000000260483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be2e4b6a6b266cc2023-02-08 09:42:48.485root 11241100x8000000000000000260482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60347ff29bc57a172023-02-08 09:42:48.485root 11241100x8000000000000000260481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2e80a149679632023-02-08 09:42:48.485root 11241100x8000000000000000260480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c256f686809ba112023-02-08 09:42:48.485root 11241100x8000000000000000260479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2371803df645bb042023-02-08 09:42:48.485root 11241100x8000000000000000260478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64fb129de2aff92023-02-08 09:42:48.485root 11241100x8000000000000000260477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f32aa87a7ed342023-02-08 09:42:48.485root 11241100x8000000000000000260476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9812a1895e77ae762023-02-08 09:42:48.485root 11241100x8000000000000000260475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16309727e1f73b52023-02-08 09:42:48.485root 11241100x8000000000000000260474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98380bd24396c76c2023-02-08 09:42:48.485root 11241100x8000000000000000260473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ff3db4c7f30802023-02-08 09:42:48.485root 11241100x8000000000000000260489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b658abf3864dffd2023-02-08 09:42:48.486root 11241100x8000000000000000260488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f727cb30a70a582023-02-08 09:42:48.486root 11241100x8000000000000000260487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa94271fcdfae82023-02-08 09:42:48.486root 11241100x8000000000000000260486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c824f627aebdbe2023-02-08 09:42:48.486root 11241100x8000000000000000260496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb48167d937ef3b2023-02-08 09:42:48.984root 11241100x8000000000000000260495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddfd45c43d6f9882023-02-08 09:42:48.984root 11241100x8000000000000000260494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c72b83554e189412023-02-08 09:42:48.984root 11241100x8000000000000000260493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee01ba3deac95e082023-02-08 09:42:48.984root 11241100x8000000000000000260492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfae9def50b2e6a2023-02-08 09:42:48.984root 11241100x8000000000000000260491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126ff004161883d02023-02-08 09:42:48.984root 11241100x8000000000000000260490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa6ddb665a409382023-02-08 09:42:48.984root 11241100x8000000000000000260505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c18bfa896a0a262023-02-08 09:42:48.985root 11241100x8000000000000000260504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bdad2d09f7a4f52023-02-08 09:42:48.985root 11241100x8000000000000000260503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff092d781c78762023-02-08 09:42:48.985root 11241100x8000000000000000260502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c3dc10614f1af72023-02-08 09:42:48.985root 11241100x8000000000000000260501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ac40720936cfb2023-02-08 09:42:48.985root 11241100x8000000000000000260500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65bda91f8c4d8772023-02-08 09:42:48.985root 11241100x8000000000000000260499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6f190c8b89d5462023-02-08 09:42:48.985root 11241100x8000000000000000260498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d558c7613c591a12023-02-08 09:42:48.985root 11241100x8000000000000000260497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90195ea3f4dcb89d2023-02-08 09:42:48.985root 11241100x8000000000000000260514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ace5e0f129b6682023-02-08 09:42:48.986root 11241100x8000000000000000260513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacc9560de4562af2023-02-08 09:42:48.986root 11241100x8000000000000000260512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49876f63b548e95b2023-02-08 09:42:48.986root 11241100x8000000000000000260511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16178f63ccd5df62023-02-08 09:42:48.986root 11241100x8000000000000000260510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2e3626da8c3ce2023-02-08 09:42:48.986root 11241100x8000000000000000260509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7142f29327fa922023-02-08 09:42:48.986root 11241100x8000000000000000260508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e318d04e288552023-02-08 09:42:48.986root 11241100x8000000000000000260507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabaf8cc9cf888222023-02-08 09:42:48.986root 11241100x8000000000000000260506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f313a8d387a858e2023-02-08 09:42:48.986root 11241100x8000000000000000260516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53968db44dda07f2023-02-08 09:42:49.484root 11241100x8000000000000000260515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4f8915c2ce1ac2023-02-08 09:42:49.484root 11241100x8000000000000000260525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcce7f7bb89519dd2023-02-08 09:42:49.485root 11241100x8000000000000000260524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbbe12134779f12023-02-08 09:42:49.485root 11241100x8000000000000000260523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becb32b01990633b2023-02-08 09:42:49.485root 11241100x8000000000000000260522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51ff92e0b6dcf22023-02-08 09:42:49.485root 11241100x8000000000000000260521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880dc1737ed07542023-02-08 09:42:49.485root 11241100x8000000000000000260520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc17429429fa09c2023-02-08 09:42:49.485root 11241100x8000000000000000260519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc438ae9c7d60142023-02-08 09:42:49.485root 11241100x8000000000000000260518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874d93ef7c340ed02023-02-08 09:42:49.485root 11241100x8000000000000000260517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96171cf5754719e42023-02-08 09:42:49.485root 11241100x8000000000000000260533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921ca362685a4e52023-02-08 09:42:49.486root 11241100x8000000000000000260532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7f030a98642032023-02-08 09:42:49.486root 11241100x8000000000000000260531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f331d7f296c0ccf2023-02-08 09:42:49.486root 11241100x8000000000000000260530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57be0650f333d922023-02-08 09:42:49.486root 11241100x8000000000000000260529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc875b5af6838ef2023-02-08 09:42:49.486root 11241100x8000000000000000260528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb7640121fa74482023-02-08 09:42:49.486root 11241100x8000000000000000260527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3507a006738fcf2023-02-08 09:42:49.486root 11241100x8000000000000000260526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de6ad0a66d686b42023-02-08 09:42:49.486root 11241100x8000000000000000260536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d636b21beb8219b2023-02-08 09:42:49.487root 11241100x8000000000000000260535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14288cb01e86f6c2023-02-08 09:42:49.487root 11241100x8000000000000000260534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263134d7c5128e322023-02-08 09:42:49.487root 11241100x8000000000000000260538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4fdd95715d2f852023-02-08 09:42:49.488root 11241100x8000000000000000260537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f063196cc4ff6e4d2023-02-08 09:42:49.488root 11241100x8000000000000000260540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a93984d8d7558d2023-02-08 09:42:49.984root 11241100x8000000000000000260539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8648880ad3054652023-02-08 09:42:49.984root 11241100x8000000000000000260543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091fad8b05a2b4f62023-02-08 09:42:49.985root 11241100x8000000000000000260542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4272de5bda22402023-02-08 09:42:49.985root 11241100x8000000000000000260541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718bfbd50cb0c702023-02-08 09:42:49.985root 11241100x8000000000000000260549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba73cea826a6abce2023-02-08 09:42:49.986root 11241100x8000000000000000260548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f20daae04e77282023-02-08 09:42:49.986root 11241100x8000000000000000260547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b703d22a8d86a8da2023-02-08 09:42:49.986root 11241100x8000000000000000260546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16041ec26173e0732023-02-08 09:42:49.986root 11241100x8000000000000000260545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8252f1b55ea1f2023-02-08 09:42:49.986root 11241100x8000000000000000260544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0b2370f2c76442023-02-08 09:42:49.986root 11241100x8000000000000000260559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3f98f191a71e3e2023-02-08 09:42:49.987root 11241100x8000000000000000260558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf54010c26b25fbf2023-02-08 09:42:49.987root 11241100x8000000000000000260557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb1308ac04db592023-02-08 09:42:49.987root 11241100x8000000000000000260556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137c4b163e6ece42023-02-08 09:42:49.987root 11241100x8000000000000000260555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54424b9031032aa52023-02-08 09:42:49.987root 11241100x8000000000000000260554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee33e5c05fd8222023-02-08 09:42:49.987root 11241100x8000000000000000260553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2f031cd6a95f62023-02-08 09:42:49.987root 11241100x8000000000000000260552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eef111371611ec2023-02-08 09:42:49.987root 11241100x8000000000000000260551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529d9d24e70acfc12023-02-08 09:42:49.987root 11241100x8000000000000000260550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23ede8f673d3abb2023-02-08 09:42:49.987root 11241100x8000000000000000260562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cfb4c24bd824fc2023-02-08 09:42:49.988root 11241100x8000000000000000260561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ad98673bce6292023-02-08 09:42:49.988root 11241100x8000000000000000260560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49b24d7637c56b2023-02-08 09:42:49.988root 11241100x8000000000000000260570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680d04976fd58d892023-02-08 09:42:50.484root 11241100x8000000000000000260569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ddf67d05ae75c12023-02-08 09:42:50.484root 11241100x8000000000000000260568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbfdc4f4f8b03ca2023-02-08 09:42:50.484root 11241100x8000000000000000260567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4254c240087983662023-02-08 09:42:50.484root 11241100x8000000000000000260566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664893de174eb652023-02-08 09:42:50.484root 11241100x8000000000000000260565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b800266c59e5642023-02-08 09:42:50.484root 11241100x8000000000000000260564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9a4d34cece9762023-02-08 09:42:50.484root 11241100x8000000000000000260563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51770f07a8aea7612023-02-08 09:42:50.484root 11241100x8000000000000000260585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5dec1385ff0c42023-02-08 09:42:50.485root 11241100x8000000000000000260584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edd820abb252a082023-02-08 09:42:50.485root 11241100x8000000000000000260583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bca7a097f769db2023-02-08 09:42:50.485root 11241100x8000000000000000260582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e0d6f87b8f34d62023-02-08 09:42:50.485root 11241100x8000000000000000260581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8671881d48804f2023-02-08 09:42:50.485root 11241100x8000000000000000260580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b774095545eafa72023-02-08 09:42:50.485root 11241100x8000000000000000260579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06e45b0eb5912bb2023-02-08 09:42:50.485root 11241100x8000000000000000260578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9957b12192809b4d2023-02-08 09:42:50.485root 11241100x8000000000000000260577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a75c11adfac672a2023-02-08 09:42:50.485root 11241100x8000000000000000260576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9518d335e80a54292023-02-08 09:42:50.485root 11241100x8000000000000000260575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355461efa133b9802023-02-08 09:42:50.485root 11241100x8000000000000000260574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e266d7e90648cd5f2023-02-08 09:42:50.485root 11241100x8000000000000000260573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb48ce16805627b2023-02-08 09:42:50.485root 11241100x8000000000000000260572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc56d6877dff0d692023-02-08 09:42:50.485root 11241100x8000000000000000260571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a9abe9b92b7072023-02-08 09:42:50.485root 11241100x8000000000000000260597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fea92fb9eb70412023-02-08 09:42:50.486root 11241100x8000000000000000260596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4f5e8e0329a3c22023-02-08 09:42:50.486root 11241100x8000000000000000260595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19ca50de318ec322023-02-08 09:42:50.486root 11241100x8000000000000000260594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca6a7188393ad32023-02-08 09:42:50.486root 11241100x8000000000000000260593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49225e683cbc3982023-02-08 09:42:50.486root 11241100x8000000000000000260592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb7c21cabb7417d2023-02-08 09:42:50.486root 11241100x8000000000000000260591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1a43a61222ee52023-02-08 09:42:50.486root 11241100x8000000000000000260590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837cd1ece29bd002023-02-08 09:42:50.486root 11241100x8000000000000000260589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9ac1d380c56782023-02-08 09:42:50.486root 11241100x8000000000000000260588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51455a36f925aef02023-02-08 09:42:50.486root 11241100x8000000000000000260587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbcbea48546cb042023-02-08 09:42:50.486root 11241100x8000000000000000260586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a3704d6fa9fc62023-02-08 09:42:50.486root 11241100x8000000000000000260601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae099084254e0d92023-02-08 09:42:50.487root 11241100x8000000000000000260600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172c3a24b12533a2023-02-08 09:42:50.487root 11241100x8000000000000000260599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cce8734f59d87522023-02-08 09:42:50.487root 11241100x8000000000000000260598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701caab5172dfb032023-02-08 09:42:50.487root 11241100x8000000000000000260602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cd101d9b7dc53e2023-02-08 09:42:50.984root 11241100x8000000000000000260614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb16aabadea690e2023-02-08 09:42:50.985root 11241100x8000000000000000260613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e32fe630b27acb22023-02-08 09:42:50.985root 11241100x8000000000000000260612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9440d9a8bdaea2023-02-08 09:42:50.985root 11241100x8000000000000000260611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c1dec8c50f29202023-02-08 09:42:50.985root 11241100x8000000000000000260610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bab92f2c30719a2023-02-08 09:42:50.985root 11241100x8000000000000000260609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2432d831e3dfc9652023-02-08 09:42:50.985root 11241100x8000000000000000260608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120503f5b3c8d542023-02-08 09:42:50.985root 11241100x8000000000000000260607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d6e1b92063fe282023-02-08 09:42:50.985root 11241100x8000000000000000260606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1368e32f26663a6c2023-02-08 09:42:50.985root 11241100x8000000000000000260605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb13755443be05302023-02-08 09:42:50.985root 11241100x8000000000000000260604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4b6bceb41c9782023-02-08 09:42:50.985root 11241100x8000000000000000260603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802583fab34fe1dd2023-02-08 09:42:50.985root 11241100x8000000000000000260623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9e7604afd5d4602023-02-08 09:42:50.986root 11241100x8000000000000000260622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579220008e716f2e2023-02-08 09:42:50.986root 11241100x8000000000000000260621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95a62a7f98300032023-02-08 09:42:50.986root 11241100x8000000000000000260620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de2b5c8f37152632023-02-08 09:42:50.986root 11241100x8000000000000000260619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00198adfca8a59d2023-02-08 09:42:50.986root 11241100x8000000000000000260618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc024d4f7e21972e2023-02-08 09:42:50.986root 11241100x8000000000000000260617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6fe9464df067062023-02-08 09:42:50.986root 11241100x8000000000000000260616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2cee83eabd6f42023-02-08 09:42:50.986root 11241100x8000000000000000260615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b9b75469cded7f2023-02-08 09:42:50.986root 11241100x8000000000000000260625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37e0256283eee312023-02-08 09:42:50.987root 11241100x8000000000000000260624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75736c6297faa72023-02-08 09:42:50.987root 11241100x8000000000000000260629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b837921652cd5892023-02-08 09:42:51.484root 11241100x8000000000000000260628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460be8dab51804732023-02-08 09:42:51.484root 11241100x8000000000000000260627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd437641b46b6282023-02-08 09:42:51.484root 11241100x8000000000000000260626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fd0009bf706a72023-02-08 09:42:51.484root 11241100x8000000000000000260636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59056c1fb7585ca52023-02-08 09:42:51.485root 11241100x8000000000000000260635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d09021e2829230c2023-02-08 09:42:51.485root 11241100x8000000000000000260634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e69bd7e4ad3872023-02-08 09:42:51.485root 11241100x8000000000000000260633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0dc0514c1d76062023-02-08 09:42:51.485root 11241100x8000000000000000260632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f200dedddea26a5b2023-02-08 09:42:51.485root 11241100x8000000000000000260631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec8b39592b6cff2023-02-08 09:42:51.485root 11241100x8000000000000000260630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a70a78f58e447102023-02-08 09:42:51.485root 11241100x8000000000000000260649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93043c7df638a9f92023-02-08 09:42:51.486root 11241100x8000000000000000260648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d48ff0238c188b2023-02-08 09:42:51.486root 11241100x8000000000000000260647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f1d694b0dfbb0b2023-02-08 09:42:51.486root 11241100x8000000000000000260646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281493e4647eea442023-02-08 09:42:51.486root 11241100x8000000000000000260645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef5c27c4ea92d22023-02-08 09:42:51.486root 11241100x8000000000000000260644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420f6a1ea8d5bd02023-02-08 09:42:51.486root 11241100x8000000000000000260643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3c5e362de1366a2023-02-08 09:42:51.486root 11241100x8000000000000000260642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba944d21995e226e2023-02-08 09:42:51.486root 11241100x8000000000000000260641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fedb909cf5680a2023-02-08 09:42:51.486root 11241100x8000000000000000260640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9358bb9074df75692023-02-08 09:42:51.486root 11241100x8000000000000000260639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baf4b962d5390ea2023-02-08 09:42:51.486root 11241100x8000000000000000260638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90641c04c5ff45ce2023-02-08 09:42:51.486root 11241100x8000000000000000260637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cd6b54a427b402023-02-08 09:42:51.486root 11241100x8000000000000000260654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf7ac798b7ab48d2023-02-08 09:42:51.984root 11241100x8000000000000000260653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6d4e95ec0f1f492023-02-08 09:42:51.984root 11241100x8000000000000000260652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242cf21ec220ab92023-02-08 09:42:51.984root 11241100x8000000000000000260651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441e3c1cde09e7652023-02-08 09:42:51.984root 11241100x8000000000000000260650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191402049686fb92023-02-08 09:42:51.984root 11241100x8000000000000000260665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d052ff8cb1097752023-02-08 09:42:51.985root 11241100x8000000000000000260664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706de7d530ccabe82023-02-08 09:42:51.985root 11241100x8000000000000000260663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a8fa8fc50538e2023-02-08 09:42:51.985root 11241100x8000000000000000260662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a97ccd48be1382023-02-08 09:42:51.985root 11241100x8000000000000000260661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f577177efcadc60e2023-02-08 09:42:51.985root 11241100x8000000000000000260660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23710d48f4fde90d2023-02-08 09:42:51.985root 11241100x8000000000000000260659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b04a1af9b8ef2642023-02-08 09:42:51.985root 11241100x8000000000000000260658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d8af376c3fe4c2023-02-08 09:42:51.985root 11241100x8000000000000000260657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc78742c82df3522023-02-08 09:42:51.985root 11241100x8000000000000000260656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571ea6acf294c0c2023-02-08 09:42:51.985root 11241100x8000000000000000260655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6cdff0c568e01a2023-02-08 09:42:51.985root 11241100x8000000000000000260673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095ae32331891a552023-02-08 09:42:51.986root 11241100x8000000000000000260672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e321e284223d29f2023-02-08 09:42:51.986root 11241100x8000000000000000260671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49ec01f91c692c92023-02-08 09:42:51.986root 11241100x8000000000000000260670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb6dd4a08e3952b2023-02-08 09:42:51.986root 11241100x8000000000000000260669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea3880ce1ff70122023-02-08 09:42:51.986root 11241100x8000000000000000260668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2906c8db64a07892023-02-08 09:42:51.986root 11241100x8000000000000000260667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e460751d71b76fb2023-02-08 09:42:51.986root 11241100x8000000000000000260666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17993b822f3394ab2023-02-08 09:42:51.986root 11241100x8000000000000000260677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd7fb5dd3f5e0832023-02-08 09:42:52.484root 11241100x8000000000000000260676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134eb4879dee6c432023-02-08 09:42:52.484root 11241100x8000000000000000260675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ef7a9d00f44b4c2023-02-08 09:42:52.484root 11241100x8000000000000000260674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3dabc398c1d35a2023-02-08 09:42:52.484root 11241100x8000000000000000260688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178fae69ff415f192023-02-08 09:42:52.485root 11241100x8000000000000000260687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5f76ecc7e07e762023-02-08 09:42:52.485root 11241100x8000000000000000260686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da264bfcd5afc972023-02-08 09:42:52.485root 11241100x8000000000000000260685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07f0906fc55d33e2023-02-08 09:42:52.485root 11241100x8000000000000000260684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3358c8c52dc000da2023-02-08 09:42:52.485root 11241100x8000000000000000260683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a3068502e3e722023-02-08 09:42:52.485root 11241100x8000000000000000260682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b3331576d87302023-02-08 09:42:52.485root 11241100x8000000000000000260681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd101964454b102023-02-08 09:42:52.485root 11241100x8000000000000000260680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec32f78daac31f52023-02-08 09:42:52.485root 11241100x8000000000000000260679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae53c72e31c5e82023-02-08 09:42:52.485root 11241100x8000000000000000260678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a2c106b353d98a2023-02-08 09:42:52.485root 11241100x8000000000000000260697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eeef0137bf5d4d2023-02-08 09:42:52.486root 11241100x8000000000000000260696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f954cc7a5fe32482023-02-08 09:42:52.486root 11241100x8000000000000000260695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef185a4debb2e12023-02-08 09:42:52.486root 11241100x8000000000000000260694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36b7fe892b46802023-02-08 09:42:52.486root 11241100x8000000000000000260693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f5ec142aacf59a2023-02-08 09:42:52.486root 11241100x8000000000000000260692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1be2812ebd71332023-02-08 09:42:52.486root 11241100x8000000000000000260691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbb35b537b5156a2023-02-08 09:42:52.486root 11241100x8000000000000000260690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27dbcf3973bf81f2023-02-08 09:42:52.486root 11241100x8000000000000000260689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82034eb0adaf9ffb2023-02-08 09:42:52.486root 11241100x8000000000000000260702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7768d21c647a4472023-02-08 09:42:52.984root 11241100x8000000000000000260701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d8540e4e20974b2023-02-08 09:42:52.984root 11241100x8000000000000000260700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a1836c92acd8f2023-02-08 09:42:52.984root 11241100x8000000000000000260699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a9b5e8eccb73f72023-02-08 09:42:52.984root 11241100x8000000000000000260698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7d4ec87a1d7b7b2023-02-08 09:42:52.984root 11241100x8000000000000000260708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589902203f2a0a172023-02-08 09:42:52.985root 11241100x8000000000000000260707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e528de9d33833e5a2023-02-08 09:42:52.985root 11241100x8000000000000000260706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226d361f212b6052023-02-08 09:42:52.985root 11241100x8000000000000000260705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d97f51260b9cb32023-02-08 09:42:52.985root 11241100x8000000000000000260704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5199de43de7622023-02-08 09:42:52.985root 11241100x8000000000000000260703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c3a73e4f46bd002023-02-08 09:42:52.985root 11241100x8000000000000000260720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2a3224a2ebac62023-02-08 09:42:52.986root 11241100x8000000000000000260719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80877b9bfabd20782023-02-08 09:42:52.986root 11241100x8000000000000000260718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7a84a102edab5d2023-02-08 09:42:52.986root 11241100x8000000000000000260717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd297df1a266766b2023-02-08 09:42:52.986root 11241100x8000000000000000260716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921413639242c902023-02-08 09:42:52.986root 11241100x8000000000000000260715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67170ea886ce50612023-02-08 09:42:52.986root 11241100x8000000000000000260714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b2ca23df71cb62023-02-08 09:42:52.986root 11241100x8000000000000000260713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99ce4334cb0ea52023-02-08 09:42:52.986root 11241100x8000000000000000260712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dca67b24cdbe612023-02-08 09:42:52.986root 11241100x8000000000000000260711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f0bb9acef5c7f2023-02-08 09:42:52.986root 11241100x8000000000000000260710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7032123a8fd125ba2023-02-08 09:42:52.986root 11241100x8000000000000000260709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8235bb8a38b7792023-02-08 09:42:52.986root 11241100x8000000000000000260721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c268125ff00881802023-02-08 09:42:52.987root 354300x8000000000000000260722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.226{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42276-false10.0.1.12-8000- 11241100x8000000000000000260725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3140566719cbc32023-02-08 09:42:53.484root 11241100x8000000000000000260724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de63265e5b511a2023-02-08 09:42:53.484root 11241100x8000000000000000260723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656f495955a635372023-02-08 09:42:53.484root 11241100x8000000000000000260730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d1361c35f64e672023-02-08 09:42:53.485root 11241100x8000000000000000260729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e9d1e866cd6dd2023-02-08 09:42:53.485root 11241100x8000000000000000260728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1eb4b5dfd3f15d2023-02-08 09:42:53.485root 11241100x8000000000000000260727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231afb9ca56e32fe2023-02-08 09:42:53.485root 11241100x8000000000000000260726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a9262f585c398d2023-02-08 09:42:53.485root 11241100x8000000000000000260745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434cca102b86c4f22023-02-08 09:42:53.486root 11241100x8000000000000000260744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9494f10ba43852023-02-08 09:42:53.486root 11241100x8000000000000000260743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39144947a97c7372023-02-08 09:42:53.486root 11241100x8000000000000000260742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb8b66005f2bfe42023-02-08 09:42:53.486root 11241100x8000000000000000260741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1825c920d4e669a2023-02-08 09:42:53.486root 11241100x8000000000000000260740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f8579182edf8702023-02-08 09:42:53.486root 11241100x8000000000000000260739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d4bddb67af12002023-02-08 09:42:53.486root 11241100x8000000000000000260738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc508fd4730dd672023-02-08 09:42:53.486root 11241100x8000000000000000260737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f97bd3d177497a2023-02-08 09:42:53.486root 11241100x8000000000000000260736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d65dfd9f52ce552023-02-08 09:42:53.486root 11241100x8000000000000000260735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4197601c17d8ff2023-02-08 09:42:53.486root 11241100x8000000000000000260734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bd10c1a59af4f2023-02-08 09:42:53.486root 11241100x8000000000000000260733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156c5a9f194e0aa2023-02-08 09:42:53.486root 11241100x8000000000000000260732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0e34f9d583a602023-02-08 09:42:53.486root 11241100x8000000000000000260731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f8a96760740f1f2023-02-08 09:42:53.486root 11241100x8000000000000000260749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18aacdabd5addbc2023-02-08 09:42:53.487root 11241100x8000000000000000260748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6588598585d1bee62023-02-08 09:42:53.487root 11241100x8000000000000000260747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0cdbea26ee135f2023-02-08 09:42:53.487root 11241100x8000000000000000260746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6aae2f2bb1a5ac2023-02-08 09:42:53.487root 11241100x8000000000000000260754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd13c1098efed0a02023-02-08 09:42:53.984root 11241100x8000000000000000260753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b197913c8354a362023-02-08 09:42:53.984root 11241100x8000000000000000260752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44989996b8311e82023-02-08 09:42:53.984root 11241100x8000000000000000260751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e241b7b73893f782023-02-08 09:42:53.984root 11241100x8000000000000000260750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d779356caf371672023-02-08 09:42:53.984root 11241100x8000000000000000260767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2792027304577d42023-02-08 09:42:53.985root 11241100x8000000000000000260766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc218f9cfbb257582023-02-08 09:42:53.985root 11241100x8000000000000000260765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57b7036420f9b82023-02-08 09:42:53.985root 11241100x8000000000000000260764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ed520e909c139f2023-02-08 09:42:53.985root 11241100x8000000000000000260763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e67c8765b5752e12023-02-08 09:42:53.985root 11241100x8000000000000000260762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adae9c613cf17df2023-02-08 09:42:53.985root 11241100x8000000000000000260761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfb39d43ad6f3ff2023-02-08 09:42:53.985root 11241100x8000000000000000260760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c9c5a3b93cc3f2023-02-08 09:42:53.985root 11241100x8000000000000000260759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3299ad7cea50d2023-02-08 09:42:53.985root 11241100x8000000000000000260758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586cf6c3d3f2b912023-02-08 09:42:53.985root 11241100x8000000000000000260757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa223ca975d78f2023-02-08 09:42:53.985root 11241100x8000000000000000260756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609a364ef1b978e12023-02-08 09:42:53.985root 11241100x8000000000000000260755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addaae2fb08631262023-02-08 09:42:53.985root 11241100x8000000000000000260774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fddc38b79bea9142023-02-08 09:42:53.986root 11241100x8000000000000000260773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f488e9afe66e7e2023-02-08 09:42:53.986root 11241100x8000000000000000260772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f681a5a62815142023-02-08 09:42:53.986root 11241100x8000000000000000260771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3857a3b808ffce422023-02-08 09:42:53.986root 11241100x8000000000000000260770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ba157447ac0ef2023-02-08 09:42:53.986root 11241100x8000000000000000260769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4441a2dbb4d7fa2023-02-08 09:42:53.986root 11241100x8000000000000000260768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d0dcde9bebf862023-02-08 09:42:53.986root 11241100x8000000000000000260778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ec0507dd3f4962023-02-08 09:42:54.484root 11241100x8000000000000000260777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8210f43e1af3ca2023-02-08 09:42:54.484root 11241100x8000000000000000260776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5baca2642e4a492023-02-08 09:42:54.484root 11241100x8000000000000000260775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac007188e16b7db12023-02-08 09:42:54.484root 11241100x8000000000000000260790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67603b9033227ec72023-02-08 09:42:54.485root 11241100x8000000000000000260789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8bad4a8798d8bd2023-02-08 09:42:54.485root 11241100x8000000000000000260788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4191a1efd0b9ec1a2023-02-08 09:42:54.485root 11241100x8000000000000000260787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e85956ca7ee1942023-02-08 09:42:54.485root 11241100x8000000000000000260786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50984f0107a446622023-02-08 09:42:54.485root 11241100x8000000000000000260785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea43e9618207afa92023-02-08 09:42:54.485root 11241100x8000000000000000260784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900dfd5bda502ee92023-02-08 09:42:54.485root 11241100x8000000000000000260783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1ee6e8938405ff2023-02-08 09:42:54.485root 11241100x8000000000000000260782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9c8fa877dc6c192023-02-08 09:42:54.485root 11241100x8000000000000000260781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371807a58cea1c92023-02-08 09:42:54.485root 11241100x8000000000000000260780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131018996d8d985c2023-02-08 09:42:54.485root 11241100x8000000000000000260779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfa05e4b15164ea2023-02-08 09:42:54.485root 11241100x8000000000000000260800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f127b1df38221c902023-02-08 09:42:54.486root 11241100x8000000000000000260799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade32a08fdf87df12023-02-08 09:42:54.486root 11241100x8000000000000000260798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15feb44622cd7f222023-02-08 09:42:54.486root 11241100x8000000000000000260797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f89cda9f5714452023-02-08 09:42:54.486root 11241100x8000000000000000260796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea3b0dc36528df2023-02-08 09:42:54.486root 11241100x8000000000000000260795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7990f727834a66c82023-02-08 09:42:54.486root 11241100x8000000000000000260794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be566f6107db70862023-02-08 09:42:54.486root 11241100x8000000000000000260793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153d80e3352ed9292023-02-08 09:42:54.486root 11241100x8000000000000000260792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec2ea48a785c81a2023-02-08 09:42:54.486root 11241100x8000000000000000260791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c31db512518c32023-02-08 09:42:54.486root 11241100x8000000000000000260809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4dfb25c6572e9a2023-02-08 09:42:54.985root 11241100x8000000000000000260808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba369bea17b8f6a2023-02-08 09:42:54.985root 11241100x8000000000000000260807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095132fe8c3c9bc72023-02-08 09:42:54.985root 11241100x8000000000000000260806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5846bed1cbaf3ec42023-02-08 09:42:54.985root 11241100x8000000000000000260805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c6e9369af350d62023-02-08 09:42:54.985root 11241100x8000000000000000260804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101c84541389b0f72023-02-08 09:42:54.985root 11241100x8000000000000000260803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e42b8e3be259842023-02-08 09:42:54.985root 11241100x8000000000000000260802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d71645594e4392023-02-08 09:42:54.985root 11241100x8000000000000000260801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8b986281c098b22023-02-08 09:42:54.985root 11241100x8000000000000000260822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b418779d39621502023-02-08 09:42:54.986root 11241100x8000000000000000260821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e81760428aa1732023-02-08 09:42:54.986root 11241100x8000000000000000260820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9574c2ed7fcef42023-02-08 09:42:54.986root 11241100x8000000000000000260819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ce3ce6e5e57b072023-02-08 09:42:54.986root 11241100x8000000000000000260818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4bdbdf7469f6402023-02-08 09:42:54.986root 11241100x8000000000000000260817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a936864505df432023-02-08 09:42:54.986root 11241100x8000000000000000260816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ca08e172e6f0622023-02-08 09:42:54.986root 11241100x8000000000000000260815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c4bfae9c2423bb2023-02-08 09:42:54.986root 11241100x8000000000000000260814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b86b92b0840672023-02-08 09:42:54.986root 11241100x8000000000000000260813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e990aa193dccd02023-02-08 09:42:54.986root 11241100x8000000000000000260812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b142c40f1869ee52023-02-08 09:42:54.986root 11241100x8000000000000000260811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a782030dd67f352023-02-08 09:42:54.986root 11241100x8000000000000000260810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae01b465d1a0b522023-02-08 09:42:54.986root 11241100x8000000000000000260825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73898382f636f4c92023-02-08 09:42:54.987root 11241100x8000000000000000260824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c01971e969482f2023-02-08 09:42:54.987root 11241100x8000000000000000260823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea724d4e3078ef92023-02-08 09:42:54.987root 11241100x8000000000000000260826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361934a040377182023-02-08 09:42:55.484root 11241100x8000000000000000260837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97223f56d4d1f72023-02-08 09:42:55.485root 11241100x8000000000000000260836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d612c76e8072b52023-02-08 09:42:55.485root 11241100x8000000000000000260835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acfe8c73189c59e2023-02-08 09:42:55.485root 11241100x8000000000000000260834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d0268d57970fb82023-02-08 09:42:55.485root 11241100x8000000000000000260833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b2482673a3b102023-02-08 09:42:55.485root 11241100x8000000000000000260832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9194f3059e3d68d2023-02-08 09:42:55.485root 11241100x8000000000000000260831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4425f226335c12023-02-08 09:42:55.485root 11241100x8000000000000000260830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae07422995c8fd2023-02-08 09:42:55.485root 11241100x8000000000000000260829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b3e2f37f167b092023-02-08 09:42:55.485root 11241100x8000000000000000260828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60fcb46c8e21902023-02-08 09:42:55.485root 11241100x8000000000000000260827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f4fb21578b9e6b2023-02-08 09:42:55.485root 11241100x8000000000000000260846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ae1f49104eb842023-02-08 09:42:55.486root 11241100x8000000000000000260845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd928778d87ea2732023-02-08 09:42:55.486root 11241100x8000000000000000260844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede23b0fe9e8f4d12023-02-08 09:42:55.486root 11241100x8000000000000000260843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5243803171bb42023-02-08 09:42:55.486root 11241100x8000000000000000260842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e53a74e1be468f52023-02-08 09:42:55.486root 11241100x8000000000000000260841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c750449e21c04122023-02-08 09:42:55.486root 11241100x8000000000000000260840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a173b33cf0fd8e2023-02-08 09:42:55.486root 11241100x8000000000000000260839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2636be40e1829a0d2023-02-08 09:42:55.486root 11241100x8000000000000000260838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf044e0f13ba85c32023-02-08 09:42:55.486root 11241100x8000000000000000260850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827b8e455bae8b1c2023-02-08 09:42:55.487root 11241100x8000000000000000260849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae23089e0ebbed2023-02-08 09:42:55.487root 11241100x8000000000000000260848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540326413abbb98a2023-02-08 09:42:55.487root 11241100x8000000000000000260847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc411fe1cad73ed2023-02-08 09:42:55.487root 11241100x8000000000000000260851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f85b6b2e36ba632023-02-08 09:42:55.984root 11241100x8000000000000000260861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e172f3f7c475e3e02023-02-08 09:42:55.985root 11241100x8000000000000000260860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7dace1ca0868b92023-02-08 09:42:55.985root 11241100x8000000000000000260859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d27f43693013792023-02-08 09:42:55.985root 11241100x8000000000000000260858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb509e2b438e592023-02-08 09:42:55.985root 11241100x8000000000000000260857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f3d13537d919b2023-02-08 09:42:55.985root 11241100x8000000000000000260856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55156919c2d9fa02023-02-08 09:42:55.985root 11241100x8000000000000000260855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc720671def9d6202023-02-08 09:42:55.985root 11241100x8000000000000000260854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b523ecf7c5a9446c2023-02-08 09:42:55.985root 11241100x8000000000000000260853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a8e73c7eb5fb42023-02-08 09:42:55.985root 11241100x8000000000000000260852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043e18f16855aa672023-02-08 09:42:55.985root 11241100x8000000000000000260875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54a9b48e76e250b2023-02-08 09:42:55.986root 11241100x8000000000000000260874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f223ce94dda2dc2023-02-08 09:42:55.986root 11241100x8000000000000000260873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350a0aed1a2a44dc2023-02-08 09:42:55.986root 11241100x8000000000000000260872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656f92f1112fdb32023-02-08 09:42:55.986root 11241100x8000000000000000260871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd3433f38f64fc2023-02-08 09:42:55.986root 11241100x8000000000000000260870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0996e5bbde1f1b2c2023-02-08 09:42:55.986root 11241100x8000000000000000260869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e2b9bb9753c0402023-02-08 09:42:55.986root 11241100x8000000000000000260868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb60d36a39259f22023-02-08 09:42:55.986root 11241100x8000000000000000260867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34125fe0451b40eb2023-02-08 09:42:55.986root 11241100x8000000000000000260866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a75d27c41f7d302023-02-08 09:42:55.986root 11241100x8000000000000000260865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef08c74f161dcc222023-02-08 09:42:55.986root 11241100x8000000000000000260864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b535e70aed675f2023-02-08 09:42:55.986root 11241100x8000000000000000260863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15ef81636793ab2023-02-08 09:42:55.986root 11241100x8000000000000000260862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c112dee194ffbd42023-02-08 09:42:55.986root 11241100x8000000000000000260888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef93d382bcf7ac2023-02-08 09:42:56.485root 11241100x8000000000000000260887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107555a4638a16172023-02-08 09:42:56.485root 11241100x8000000000000000260886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7600eeca1646632023-02-08 09:42:56.485root 11241100x8000000000000000260885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd89e2f5dd25e0e32023-02-08 09:42:56.485root 11241100x8000000000000000260884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a42859a88be5d2023-02-08 09:42:56.485root 11241100x8000000000000000260883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9e9246cb36d9d2023-02-08 09:42:56.485root 11241100x8000000000000000260882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc35da3107f1a402023-02-08 09:42:56.485root 11241100x8000000000000000260881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395001ea80139a962023-02-08 09:42:56.485root 11241100x8000000000000000260880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63f06436cae0132023-02-08 09:42:56.485root 11241100x8000000000000000260879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49c5a5ed52dc8a2023-02-08 09:42:56.485root 11241100x8000000000000000260878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb720d661b1a5652023-02-08 09:42:56.485root 11241100x8000000000000000260877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191028e1bbcdc43c2023-02-08 09:42:56.485root 11241100x8000000000000000260876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095ac7f684dd2eb2023-02-08 09:42:56.485root 11241100x8000000000000000260900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72ea72117657be12023-02-08 09:42:56.486root 11241100x8000000000000000260899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37b021c8466f562023-02-08 09:42:56.486root 11241100x8000000000000000260898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99b793967f760412023-02-08 09:42:56.486root 11241100x8000000000000000260897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e207f90dbab0b712023-02-08 09:42:56.486root 11241100x8000000000000000260896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424b59e956271272023-02-08 09:42:56.486root 11241100x8000000000000000260895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f4fc70506b39d32023-02-08 09:42:56.486root 11241100x8000000000000000260894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7445aebd59c981452023-02-08 09:42:56.486root 11241100x8000000000000000260893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9408eae6b1669d312023-02-08 09:42:56.486root 11241100x8000000000000000260892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c8e82c73b318692023-02-08 09:42:56.486root 11241100x8000000000000000260891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5142f4617f04312023-02-08 09:42:56.486root 11241100x8000000000000000260890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6259a7731937082023-02-08 09:42:56.486root 11241100x8000000000000000260889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943956860f5ddd402023-02-08 09:42:56.486root 11241100x8000000000000000260903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ca7f69c41512e82023-02-08 09:42:56.984root 11241100x8000000000000000260902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bfba4fcad4b6bc2023-02-08 09:42:56.984root 11241100x8000000000000000260901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649af88ac7c00d02023-02-08 09:42:56.984root 11241100x8000000000000000260919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e37fd52437383e2023-02-08 09:42:56.985root 11241100x8000000000000000260918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612d94a892d777ca2023-02-08 09:42:56.985root 11241100x8000000000000000260917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13e6780a95fe632023-02-08 09:42:56.985root 11241100x8000000000000000260916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a0959f78972c32023-02-08 09:42:56.985root 11241100x8000000000000000260915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5d24ed6c8c5c682023-02-08 09:42:56.985root 11241100x8000000000000000260914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45219eac370603b2023-02-08 09:42:56.985root 11241100x8000000000000000260913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd6524259ee8f22023-02-08 09:42:56.985root 11241100x8000000000000000260912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a474840f8c7ed2023-02-08 09:42:56.985root 11241100x8000000000000000260911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0eb1a865dfdf762023-02-08 09:42:56.985root 11241100x8000000000000000260910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b206f3c9f4ddca442023-02-08 09:42:56.985root 11241100x8000000000000000260909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb85a49eeb9e25362023-02-08 09:42:56.985root 11241100x8000000000000000260908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a889774732107c22023-02-08 09:42:56.985root 11241100x8000000000000000260907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c1d972574698fd2023-02-08 09:42:56.985root 11241100x8000000000000000260906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8267eaed2ead689c2023-02-08 09:42:56.985root 11241100x8000000000000000260905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b22efd7ab3eccb2023-02-08 09:42:56.985root 11241100x8000000000000000260904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f579335684009c2023-02-08 09:42:56.985root 11241100x8000000000000000260925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6666f89bb69c59902023-02-08 09:42:56.986root 11241100x8000000000000000260924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0919e88820260f9c2023-02-08 09:42:56.986root 11241100x8000000000000000260923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afcfa91df143a152023-02-08 09:42:56.986root 11241100x8000000000000000260922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fc0e613efba5b2023-02-08 09:42:56.986root 11241100x8000000000000000260921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ac45754d85eaf22023-02-08 09:42:56.986root 11241100x8000000000000000260920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312f84923e28dd612023-02-08 09:42:56.986root 11241100x8000000000000000260932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc878df85eebf72023-02-08 09:42:57.485root 11241100x8000000000000000260931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309bdcd78d91924f2023-02-08 09:42:57.485root 11241100x8000000000000000260930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d56da809d7340e2023-02-08 09:42:57.485root 11241100x8000000000000000260929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cfead8d754bc972023-02-08 09:42:57.485root 11241100x8000000000000000260928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa04e88a231ef60f2023-02-08 09:42:57.485root 11241100x8000000000000000260927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c42c2d2d9ae832023-02-08 09:42:57.485root 11241100x8000000000000000260926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8436312b993bcef2023-02-08 09:42:57.485root 11241100x8000000000000000260943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195466054af43fd92023-02-08 09:42:57.486root 11241100x8000000000000000260942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5d809c7ba50b52023-02-08 09:42:57.486root 11241100x8000000000000000260941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20700d8c1676c19b2023-02-08 09:42:57.486root 11241100x8000000000000000260940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e7ad25e455715d2023-02-08 09:42:57.486root 11241100x8000000000000000260939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1f319e57ceff9f2023-02-08 09:42:57.486root 11241100x8000000000000000260938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e6473c72d2e3b2023-02-08 09:42:57.486root 11241100x8000000000000000260937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee10ce8b9bbefdf2023-02-08 09:42:57.486root 11241100x8000000000000000260936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fb07942fe6b91a2023-02-08 09:42:57.486root 11241100x8000000000000000260935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea022586d634a382023-02-08 09:42:57.486root 11241100x8000000000000000260934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97449d47d42f2f2023-02-08 09:42:57.486root 11241100x8000000000000000260933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abdd4a7cc261f932023-02-08 09:42:57.486root 11241100x8000000000000000260947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f693c8346c45062023-02-08 09:42:57.487root 11241100x8000000000000000260946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88e99e214a4fcb42023-02-08 09:42:57.487root 11241100x8000000000000000260945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec56ff994aedfc712023-02-08 09:42:57.487root 11241100x8000000000000000260944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33a63f4e557d512023-02-08 09:42:57.487root 11241100x8000000000000000260950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63f675a25df6caf2023-02-08 09:42:57.488root 11241100x8000000000000000260949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be5bffb618ee07f2023-02-08 09:42:57.488root 11241100x8000000000000000260948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a31855ca62e9172023-02-08 09:42:57.488root 11241100x8000000000000000260952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb72e8c05fea1e2023-02-08 09:42:57.984root 11241100x8000000000000000260951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098668f10e7c7fcd2023-02-08 09:42:57.984root 11241100x8000000000000000260955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d32238e5983a632023-02-08 09:42:57.985root 11241100x8000000000000000260954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cb67fd84ee9ea2023-02-08 09:42:57.985root 11241100x8000000000000000260953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2a3f3d2a9168792023-02-08 09:42:57.985root 11241100x8000000000000000260959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982ff071c9b1de02023-02-08 09:42:57.986root 11241100x8000000000000000260958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286204d0b72ad0692023-02-08 09:42:57.986root 11241100x8000000000000000260957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068fd5483fa1dda22023-02-08 09:42:57.986root 11241100x8000000000000000260956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f49412985d7cc222023-02-08 09:42:57.986root 11241100x8000000000000000260964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4b23102cd8b5902023-02-08 09:42:57.987root 11241100x8000000000000000260963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1d4ee6ba8881592023-02-08 09:42:57.987root 11241100x8000000000000000260962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46281f7b4de8f9d72023-02-08 09:42:57.987root 11241100x8000000000000000260961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e26b1c78aaad92023-02-08 09:42:57.987root 11241100x8000000000000000260960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1812a6f67159ea2023-02-08 09:42:57.987root 11241100x8000000000000000260968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c40ad04d5688622023-02-08 09:42:57.988root 11241100x8000000000000000260967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2bf2cab5fea19a2023-02-08 09:42:57.988root 11241100x8000000000000000260966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca24b197ff95d092023-02-08 09:42:57.988root 11241100x8000000000000000260965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55239837f57861812023-02-08 09:42:57.988root 11241100x8000000000000000260970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbaa673a94fb5f2023-02-08 09:42:57.989root 11241100x8000000000000000260969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b563d59366516f2023-02-08 09:42:57.989root 11241100x8000000000000000260974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfc640129c33392023-02-08 09:42:57.990root 11241100x8000000000000000260973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ccefdbab34736f2023-02-08 09:42:57.990root 11241100x8000000000000000260972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed8d3e26ab3e562023-02-08 09:42:57.990root 11241100x8000000000000000260971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74689ceec31d65b2023-02-08 09:42:57.990root 11241100x8000000000000000260975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c570540aca6f6542023-02-08 09:42:57.991root 11241100x8000000000000000260979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121d33780c3bf3232023-02-08 09:42:58.484root 11241100x8000000000000000260978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52acfd0ea99c3362023-02-08 09:42:58.484root 11241100x8000000000000000260977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a8d885bde6f5122023-02-08 09:42:58.484root 11241100x8000000000000000260976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c3a0db109de82e2023-02-08 09:42:58.484root 11241100x8000000000000000260985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792022623d7ea8d82023-02-08 09:42:58.485root 11241100x8000000000000000260984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987c8642610181d52023-02-08 09:42:58.485root 11241100x8000000000000000260983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331be43b3837f8632023-02-08 09:42:58.485root 11241100x8000000000000000260982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3333df61320f5f22023-02-08 09:42:58.485root 11241100x8000000000000000260981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d7dc1ac97e4a612023-02-08 09:42:58.485root 11241100x8000000000000000260980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded028414b4f35bd2023-02-08 09:42:58.485root 11241100x8000000000000000260997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90e25533453b2e62023-02-08 09:42:58.486root 11241100x8000000000000000260996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c550cf7ef7437a2023-02-08 09:42:58.486root 11241100x8000000000000000260995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716534bf76f02f1e2023-02-08 09:42:58.486root 11241100x8000000000000000260994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c9803ddbcc41ec2023-02-08 09:42:58.486root 11241100x8000000000000000260993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f341f4166080672023-02-08 09:42:58.486root 11241100x8000000000000000260992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab790fa5a14c22c2023-02-08 09:42:58.486root 11241100x8000000000000000260991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d974d6e6c48d52023-02-08 09:42:58.486root 11241100x8000000000000000260990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843eb9d88149a4392023-02-08 09:42:58.486root 11241100x8000000000000000260989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c86b832db88f72023-02-08 09:42:58.486root 11241100x8000000000000000260988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de8f1b055156ddc2023-02-08 09:42:58.486root 11241100x8000000000000000260987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61841ea575a5f802023-02-08 09:42:58.486root 11241100x8000000000000000260986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21564be3925842f02023-02-08 09:42:58.486root 11241100x8000000000000000261002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e36641f0106ce2023-02-08 09:42:58.487root 11241100x8000000000000000261001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095aec5e155636422023-02-08 09:42:58.487root 11241100x8000000000000000261000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed65df70ec059efa2023-02-08 09:42:58.487root 11241100x8000000000000000260999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ea594f7a284d402023-02-08 09:42:58.487root 11241100x8000000000000000260998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b43af863acf9a12023-02-08 09:42:58.487root 11241100x8000000000000000261010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406872eadfda16292023-02-08 09:42:58.984root 11241100x8000000000000000261009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac8071d2cc822532023-02-08 09:42:58.984root 11241100x8000000000000000261008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71fcfd47f8ca5332023-02-08 09:42:58.984root 11241100x8000000000000000261007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8a35d19fe1ce22023-02-08 09:42:58.984root 11241100x8000000000000000261006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41800fb407feacd32023-02-08 09:42:58.984root 11241100x8000000000000000261005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aaf8844a2d67d52023-02-08 09:42:58.984root 11241100x8000000000000000261004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204f2c0a4fb4fcb2023-02-08 09:42:58.984root 11241100x8000000000000000261003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea263f01d16a0042023-02-08 09:42:58.984root 11241100x8000000000000000261024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c0954be1b4c0f2023-02-08 09:42:58.985root 11241100x8000000000000000261023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d669e20d76e43ae2023-02-08 09:42:58.985root 11241100x8000000000000000261022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d86bfca8cce88a2023-02-08 09:42:58.985root 11241100x8000000000000000261021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6341fc0b770410062023-02-08 09:42:58.985root 11241100x8000000000000000261020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dd5719b6fa73f2023-02-08 09:42:58.985root 11241100x8000000000000000261019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779f84c91d0f68c2023-02-08 09:42:58.985root 11241100x8000000000000000261018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fe5f3fef96cf532023-02-08 09:42:58.985root 11241100x8000000000000000261017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb000475352d7822023-02-08 09:42:58.985root 11241100x8000000000000000261016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054817a000ab71b62023-02-08 09:42:58.985root 11241100x8000000000000000261015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bdfe16454f47db2023-02-08 09:42:58.985root 11241100x8000000000000000261014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0bd717114715262023-02-08 09:42:58.985root 11241100x8000000000000000261013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58025f19b72251ee2023-02-08 09:42:58.985root 11241100x8000000000000000261012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beaf62160c080092023-02-08 09:42:58.985root 11241100x8000000000000000261011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998240c16ff52bd12023-02-08 09:42:58.985root 11241100x8000000000000000261028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134a820bdc9543d22023-02-08 09:42:58.986root 11241100x8000000000000000261027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad946789be16f61d2023-02-08 09:42:58.986root 11241100x8000000000000000261026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061c16d83d48c15c2023-02-08 09:42:58.986root 11241100x8000000000000000261025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e8aad3afdc18b62023-02-08 09:42:58.986root 354300x8000000000000000261029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.091{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41904-false10.0.1.12-8000- 11241100x8000000000000000261031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e01240157250592023-02-08 09:42:59.484root 11241100x8000000000000000261030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b1ad86d0d6a7f2023-02-08 09:42:59.484root 11241100x8000000000000000261042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f545b585f6e902023-02-08 09:42:59.485root 11241100x8000000000000000261041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88f8120530d011b2023-02-08 09:42:59.485root 11241100x8000000000000000261040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaa311adcf8fbdf2023-02-08 09:42:59.485root 11241100x8000000000000000261039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380feb47232bbd22023-02-08 09:42:59.485root 11241100x8000000000000000261038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e147cabe376714e2023-02-08 09:42:59.485root 11241100x8000000000000000261037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df85c7ffc081982023-02-08 09:42:59.485root 11241100x8000000000000000261036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc37dc5b72d56b2023-02-08 09:42:59.485root 11241100x8000000000000000261035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e258a5b119fd529e2023-02-08 09:42:59.485root 11241100x8000000000000000261034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73748106bb74f2252023-02-08 09:42:59.485root 11241100x8000000000000000261033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a5d499a311de522023-02-08 09:42:59.485root 11241100x8000000000000000261032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11332da7ffed99f12023-02-08 09:42:59.485root 11241100x8000000000000000261055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee598a28e2419272023-02-08 09:42:59.486root 11241100x8000000000000000261054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f93a3cf99926642023-02-08 09:42:59.486root 11241100x8000000000000000261053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb852e90fefddf12023-02-08 09:42:59.486root 11241100x8000000000000000261052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d382389df275a2023-02-08 09:42:59.486root 11241100x8000000000000000261051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdc11aedb51fed42023-02-08 09:42:59.486root 11241100x8000000000000000261050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab6c86438629de2023-02-08 09:42:59.486root 11241100x8000000000000000261049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd598039654a026c2023-02-08 09:42:59.486root 11241100x8000000000000000261048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2902abc095b900ea2023-02-08 09:42:59.486root 11241100x8000000000000000261047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0d08361f2f8ab2023-02-08 09:42:59.486root 11241100x8000000000000000261046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6dfa0c8cd0ba032023-02-08 09:42:59.486root 11241100x8000000000000000261045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33365e981419f12023-02-08 09:42:59.486root 11241100x8000000000000000261044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e5a472e5c6f13a2023-02-08 09:42:59.486root 11241100x8000000000000000261043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086649bb40539922023-02-08 09:42:59.486root 11241100x8000000000000000261067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ff71faac68cecd2023-02-08 09:42:59.985root 11241100x8000000000000000261066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579c566954b874f2023-02-08 09:42:59.985root 11241100x8000000000000000261065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9509a33e0b7dccb2023-02-08 09:42:59.985root 11241100x8000000000000000261064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b81b2ee5dbeeb22023-02-08 09:42:59.985root 11241100x8000000000000000261063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446b15919e1237d2023-02-08 09:42:59.985root 11241100x8000000000000000261062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe2ac3ef07c83972023-02-08 09:42:59.985root 11241100x8000000000000000261061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f5a3df4bdfc02023-02-08 09:42:59.985root 11241100x8000000000000000261060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341b3b87ebbb5bd2023-02-08 09:42:59.985root 11241100x8000000000000000261059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a95bb6f43c1a0ff2023-02-08 09:42:59.985root 11241100x8000000000000000261058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb25b39ff002c38c2023-02-08 09:42:59.985root 11241100x8000000000000000261057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5e4077b331e5692023-02-08 09:42:59.985root 11241100x8000000000000000261056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f7f6bb78c820b2023-02-08 09:42:59.985root 11241100x8000000000000000261081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a4446ca5d2fa42023-02-08 09:42:59.986root 11241100x8000000000000000261080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca282e051682cc2023-02-08 09:42:59.986root 11241100x8000000000000000261079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b435dce98b7ed82023-02-08 09:42:59.986root 11241100x8000000000000000261078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfff07a27a540102023-02-08 09:42:59.986root 11241100x8000000000000000261077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a596b395d38412023-02-08 09:42:59.986root 11241100x8000000000000000261076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61732b4d29e922e2023-02-08 09:42:59.986root 11241100x8000000000000000261075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb59e89c6ec3cd2023-02-08 09:42:59.986root 11241100x8000000000000000261074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca541092f0afbf192023-02-08 09:42:59.986root 11241100x8000000000000000261073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e0b4bdcfff2572023-02-08 09:42:59.986root 11241100x8000000000000000261072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede5cc2041b69a5c2023-02-08 09:42:59.986root 11241100x8000000000000000261071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a29d05ef4b630082023-02-08 09:42:59.986root 11241100x8000000000000000261070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed1bcd84e1e3a3f2023-02-08 09:42:59.986root 11241100x8000000000000000261069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c50dada151e3e2023-02-08 09:42:59.986root 11241100x8000000000000000261068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c379c089bf5dd12023-02-08 09:42:59.986root 11241100x8000000000000000261087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e408522f1cf16f2023-02-08 09:43:00.484root 11241100x8000000000000000261086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5373b2ede32f58722023-02-08 09:43:00.484root 11241100x8000000000000000261085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c309018d181f2023-02-08 09:43:00.484root 11241100x8000000000000000261084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee501a0ee0bf91932023-02-08 09:43:00.484root 11241100x8000000000000000261083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809d39b02a1269af2023-02-08 09:43:00.484root 11241100x8000000000000000261082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edf0f45c16d5aac2023-02-08 09:43:00.484root 11241100x8000000000000000261101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bfd62b8af57eaa2023-02-08 09:43:00.485root 11241100x8000000000000000261100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bfba8eecf36a332023-02-08 09:43:00.485root 11241100x8000000000000000261099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d6afd9bb8924d62023-02-08 09:43:00.485root 11241100x8000000000000000261098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa0107eecd771e2023-02-08 09:43:00.485root 11241100x8000000000000000261097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d318ea380a7732023-02-08 09:43:00.485root 11241100x8000000000000000261096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4db54e970af4012023-02-08 09:43:00.485root 11241100x8000000000000000261095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4dcc04c18d8c022023-02-08 09:43:00.485root 11241100x8000000000000000261094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6808b2f112c5aba2023-02-08 09:43:00.485root 11241100x8000000000000000261093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bfea7f947463e82023-02-08 09:43:00.485root 11241100x8000000000000000261092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e759ee2a2ca5d532023-02-08 09:43:00.485root 11241100x8000000000000000261091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f5ade9cb1e77432023-02-08 09:43:00.485root 11241100x8000000000000000261090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd47020aefcf140b2023-02-08 09:43:00.485root 11241100x8000000000000000261089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7e50c6c7126882023-02-08 09:43:00.485root 11241100x8000000000000000261088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b5b7e6f1a3db42023-02-08 09:43:00.485root 11241100x8000000000000000261108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fa17e08df517dd2023-02-08 09:43:00.486root 11241100x8000000000000000261107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde660fd79303d272023-02-08 09:43:00.486root 11241100x8000000000000000261106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1f2f2ad8aa2d3b2023-02-08 09:43:00.486root 11241100x8000000000000000261105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a5b024c67a8ea2023-02-08 09:43:00.486root 11241100x8000000000000000261104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca57fbc07d8bf0742023-02-08 09:43:00.486root 11241100x8000000000000000261103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f51e99a10ce1c02023-02-08 09:43:00.486root 11241100x8000000000000000261102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c488dc5389bd872023-02-08 09:43:00.486root 154100x8000000000000000261109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.866{ec2a0601-6ea4-63e3-6844-c62ec0550000}5804/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000261113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3887918716414e2023-02-08 09:43:00.867root 11241100x8000000000000000261112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0cc5dec32085bf2023-02-08 09:43:00.867root 11241100x8000000000000000261111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686f0f3cff47e052023-02-08 09:43:00.867root 11241100x8000000000000000261110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6b6fc457be15d2023-02-08 09:43:00.867root 11241100x8000000000000000261118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f77b9980ce7972023-02-08 09:43:00.868root 11241100x8000000000000000261117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc22117808bcb3fa2023-02-08 09:43:00.868root 11241100x8000000000000000261116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a4c2263419e30e2023-02-08 09:43:00.868root 11241100x8000000000000000261115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425a98d79074d18a2023-02-08 09:43:00.868root 11241100x8000000000000000261114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ece93d38f4a8b92023-02-08 09:43:00.868root 11241100x8000000000000000261128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3497600d93bbc1752023-02-08 09:43:00.869root 11241100x8000000000000000261127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15f2ee3eb0aa2c2023-02-08 09:43:00.869root 11241100x8000000000000000261126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ae0afb6f5f7ed2023-02-08 09:43:00.869root 11241100x8000000000000000261125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f4e2480992a0d22023-02-08 09:43:00.869root 11241100x8000000000000000261124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0954d3b799f0332023-02-08 09:43:00.869root 11241100x8000000000000000261123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932672ec25841a502023-02-08 09:43:00.869root 11241100x8000000000000000261122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae57354db700c78d2023-02-08 09:43:00.869root 11241100x8000000000000000261121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256be55d0ad265f2023-02-08 09:43:00.869root 11241100x8000000000000000261120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a138d488f18be2023-02-08 09:43:00.869root 11241100x8000000000000000261119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0577b6f705cc64be2023-02-08 09:43:00.869root 11241100x8000000000000000261132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8213b562cb3b6d652023-02-08 09:43:00.870root 11241100x8000000000000000261131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72cc2693a666fb22023-02-08 09:43:00.870root 11241100x8000000000000000261130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2424b3e07cdf392023-02-08 09:43:00.870root 11241100x8000000000000000261129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008257ad8c029662023-02-08 09:43:00.870root 11241100x8000000000000000261133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.871{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec6ee6c62629e292023-02-08 09:43:00.871root 11241100x8000000000000000261140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff33a70186fadb02023-02-08 09:43:00.872root 11241100x8000000000000000261139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b99e596bc9012d2023-02-08 09:43:00.872root 11241100x8000000000000000261138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79e1330ecdb088d2023-02-08 09:43:00.872root 11241100x8000000000000000261137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f44d4b4d35702182023-02-08 09:43:00.872root 11241100x8000000000000000261136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4141222a51fb7d62023-02-08 09:43:00.872root 11241100x8000000000000000261135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffb6417e7bc2d002023-02-08 09:43:00.872root 11241100x8000000000000000261134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6dc42ece41a312023-02-08 09:43:00.872root 11241100x8000000000000000261141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.874{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18dd629ac6a736c2023-02-08 09:43:00.874root 534500x8000000000000000261142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.890{ec2a0601-6ea4-63e3-6844-c62ec0550000}5804/bin/psroot 11241100x8000000000000000261146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acf0c76822d243f2023-02-08 09:43:01.234root 11241100x8000000000000000261145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba1150d647581f2023-02-08 09:43:01.234root 11241100x8000000000000000261144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f902d2a5a2dfc3db2023-02-08 09:43:01.234root 11241100x8000000000000000261143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e602037dfd4607f2023-02-08 09:43:01.234root 11241100x8000000000000000261154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477c66fefd2cee972023-02-08 09:43:01.235root 11241100x8000000000000000261153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db95807b08c40ef2023-02-08 09:43:01.235root 11241100x8000000000000000261152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d302c728d6038c72023-02-08 09:43:01.235root 11241100x8000000000000000261151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4e7d730b1bfaba2023-02-08 09:43:01.235root 11241100x8000000000000000261150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e1afa1075701f2023-02-08 09:43:01.235root 11241100x8000000000000000261149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bbdf54f02194e42023-02-08 09:43:01.235root 11241100x8000000000000000261148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead6384f13da77112023-02-08 09:43:01.235root 11241100x8000000000000000261147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f54f049ac5f502023-02-08 09:43:01.235root 11241100x8000000000000000261162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1787eaf3382c006c2023-02-08 09:43:01.236root 11241100x8000000000000000261161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e303f9e998926a72023-02-08 09:43:01.236root 11241100x8000000000000000261160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e62437c69fe1b2023-02-08 09:43:01.236root 11241100x8000000000000000261159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d576f48190c0b2023-02-08 09:43:01.236root 11241100x8000000000000000261158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aadac77681982cd2023-02-08 09:43:01.236root 11241100x8000000000000000261157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bb07aee9d866252023-02-08 09:43:01.236root 11241100x8000000000000000261156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc75c98327b5e52023-02-08 09:43:01.236root 11241100x8000000000000000261155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2f36e08f0fff452023-02-08 09:43:01.236root 11241100x8000000000000000261170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51792b13e17aad4b2023-02-08 09:43:01.237root 11241100x8000000000000000261169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc5a72980bb0c92023-02-08 09:43:01.237root 11241100x8000000000000000261168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fcf3bb7e9b80432023-02-08 09:43:01.237root 11241100x8000000000000000261167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c15c88728461eba2023-02-08 09:43:01.237root 11241100x8000000000000000261166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1388a75b8a0cf9382023-02-08 09:43:01.237root 11241100x8000000000000000261165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6369316bb69092023-02-08 09:43:01.237root 11241100x8000000000000000261164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c2faf46cc946c72023-02-08 09:43:01.237root 11241100x8000000000000000261163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f9865cf3c728222023-02-08 09:43:01.237root 11241100x8000000000000000261179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54f6a6da50f2ef2023-02-08 09:43:01.735root 11241100x8000000000000000261178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d001449d7d93b8612023-02-08 09:43:01.735root 11241100x8000000000000000261177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f4f591a4884a62023-02-08 09:43:01.735root 11241100x8000000000000000261176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357e48b6d9a38292023-02-08 09:43:01.735root 11241100x8000000000000000261175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007dddc2b245b6312023-02-08 09:43:01.735root 11241100x8000000000000000261174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d820853d36a0a72023-02-08 09:43:01.735root 11241100x8000000000000000261173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b4b992baaaaf62023-02-08 09:43:01.735root 11241100x8000000000000000261172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71dc0611aaa9b4f2023-02-08 09:43:01.735root 11241100x8000000000000000261171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4999a2cd965e1352023-02-08 09:43:01.735root 11241100x8000000000000000261188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ea6a87c5c93dd52023-02-08 09:43:01.736root 11241100x8000000000000000261187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b6284c39f818422023-02-08 09:43:01.736root 11241100x8000000000000000261186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e6060bc3bc5bd52023-02-08 09:43:01.736root 11241100x8000000000000000261185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f920b4b69cdf24f72023-02-08 09:43:01.736root 11241100x8000000000000000261184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b28867fa55ed3f2023-02-08 09:43:01.736root 11241100x8000000000000000261183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce180f16e42045ac2023-02-08 09:43:01.736root 11241100x8000000000000000261182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b45afaf7c572862023-02-08 09:43:01.736root 11241100x8000000000000000261181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40456466c04bc74a2023-02-08 09:43:01.736root 11241100x8000000000000000261180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc79c59635324582023-02-08 09:43:01.736root 11241100x8000000000000000261197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300af0890fe593962023-02-08 09:43:01.737root 11241100x8000000000000000261196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995df8b4631433f62023-02-08 09:43:01.737root 11241100x8000000000000000261195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9463069297b83c122023-02-08 09:43:01.737root 11241100x8000000000000000261194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b3b822fc6ebff2023-02-08 09:43:01.737root 11241100x8000000000000000261193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc77386de1d71202023-02-08 09:43:01.737root 11241100x8000000000000000261192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff471ae3a54cdfed2023-02-08 09:43:01.737root 11241100x8000000000000000261191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7ad14f285a64a2023-02-08 09:43:01.737root 11241100x8000000000000000261190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32e852ba1d886be2023-02-08 09:43:01.737root 11241100x8000000000000000261189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7239c48566738e82023-02-08 09:43:01.737root 11241100x8000000000000000261198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e259f556eef08ba2023-02-08 09:43:01.738root 11241100x8000000000000000261203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab6f3a2a0fa38802023-02-08 09:43:02.234root 11241100x8000000000000000261202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee1de08221103ed2023-02-08 09:43:02.234root 11241100x8000000000000000261201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc61803d0cdbc0262023-02-08 09:43:02.234root 11241100x8000000000000000261200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb87fa8170d7132023-02-08 09:43:02.234root 11241100x8000000000000000261199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f3dbecc344e40e2023-02-08 09:43:02.234root 11241100x8000000000000000261213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c32a72d5f586352023-02-08 09:43:02.235root 11241100x8000000000000000261212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8995b29c1a7c60122023-02-08 09:43:02.235root 11241100x8000000000000000261211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c6fb5c712f5a262023-02-08 09:43:02.235root 11241100x8000000000000000261210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f0a2d11d133492023-02-08 09:43:02.235root 11241100x8000000000000000261209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4fb2207d532c22023-02-08 09:43:02.235root 11241100x8000000000000000261208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11da8cade6d2962023-02-08 09:43:02.235root 11241100x8000000000000000261207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6d990bcd4f358e2023-02-08 09:43:02.235root 11241100x8000000000000000261206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff2cefa3c39f5f2023-02-08 09:43:02.235root 11241100x8000000000000000261205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e3bfa31a93f6c92023-02-08 09:43:02.235root 11241100x8000000000000000261204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f72285ee0e40a3e2023-02-08 09:43:02.235root 11241100x8000000000000000261228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288a26af564273b2023-02-08 09:43:02.236root 11241100x8000000000000000261227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbb0810475678952023-02-08 09:43:02.236root 11241100x8000000000000000261226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b9a470b6376def2023-02-08 09:43:02.236root 11241100x8000000000000000261225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6935a562494e442023-02-08 09:43:02.236root 11241100x8000000000000000261224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa19fe8df47c39ff2023-02-08 09:43:02.236root 11241100x8000000000000000261223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e836de9d24f9a4ed2023-02-08 09:43:02.236root 11241100x8000000000000000261222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece2012356d0abb82023-02-08 09:43:02.236root 11241100x8000000000000000261221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afed7782ab6254582023-02-08 09:43:02.236root 11241100x8000000000000000261220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24372ae5e5f774d22023-02-08 09:43:02.236root 11241100x8000000000000000261219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a26703f690f11382023-02-08 09:43:02.236root 11241100x8000000000000000261218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ea1e7d22bdf8342023-02-08 09:43:02.236root 11241100x8000000000000000261217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be8c08945e14a602023-02-08 09:43:02.236root 11241100x8000000000000000261216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428321e33b32cc5e2023-02-08 09:43:02.236root 11241100x8000000000000000261215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39008af5ae10ceef2023-02-08 09:43:02.236root 11241100x8000000000000000261214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4cec819b8b8c82023-02-08 09:43:02.236root 11241100x8000000000000000261229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76664e94cec4e752023-02-08 09:43:02.237root 11241100x8000000000000000261235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a8bf95ccf9b182023-02-08 09:43:02.734root 11241100x8000000000000000261234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed669235fec3d8a2023-02-08 09:43:02.734root 11241100x8000000000000000261233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf51db97c38f88f2023-02-08 09:43:02.734root 11241100x8000000000000000261232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74b89dd6abed8562023-02-08 09:43:02.734root 11241100x8000000000000000261231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643778aaa442b7492023-02-08 09:43:02.734root 11241100x8000000000000000261230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6201a95d3f7ae62023-02-08 09:43:02.734root 11241100x8000000000000000261244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cd89b75b8975212023-02-08 09:43:02.735root 11241100x8000000000000000261243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2237cc5ed7e5a92023-02-08 09:43:02.735root 11241100x8000000000000000261242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56de99cb02acb9f2023-02-08 09:43:02.735root 11241100x8000000000000000261241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1455a0d2135fed2023-02-08 09:43:02.735root 11241100x8000000000000000261240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d1ba8155f10ab2023-02-08 09:43:02.735root 11241100x8000000000000000261239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382dff8e4919392e2023-02-08 09:43:02.735root 11241100x8000000000000000261238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3026151d336e582023-02-08 09:43:02.735root 11241100x8000000000000000261237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da82fe7fe0d91132023-02-08 09:43:02.735root 11241100x8000000000000000261236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89682b24f83542bf2023-02-08 09:43:02.735root 11241100x8000000000000000261257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefe3886538c5b882023-02-08 09:43:02.736root 11241100x8000000000000000261256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606295cd9430ee7d2023-02-08 09:43:02.736root 11241100x8000000000000000261255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368cc9e5213aa9392023-02-08 09:43:02.736root 11241100x8000000000000000261254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c583fbbde194bc572023-02-08 09:43:02.736root 11241100x8000000000000000261253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb8e597009f3692023-02-08 09:43:02.736root 11241100x8000000000000000261252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dee6d3975a7d772023-02-08 09:43:02.736root 11241100x8000000000000000261251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7c0250b86a5c22023-02-08 09:43:02.736root 11241100x8000000000000000261250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011894231bcc489d2023-02-08 09:43:02.736root 11241100x8000000000000000261249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763e8de2655462942023-02-08 09:43:02.736root 11241100x8000000000000000261248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2547550fe7c2f5d22023-02-08 09:43:02.736root 11241100x8000000000000000261247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19af1e708ee9292023-02-08 09:43:02.736root 11241100x8000000000000000261246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c462338a6da7ec2023-02-08 09:43:02.736root 11241100x8000000000000000261245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816b7681a703963b2023-02-08 09:43:02.736root 11241100x8000000000000000261263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93577a0fff17706d2023-02-08 09:43:02.737root 11241100x8000000000000000261262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12a819e6d5b3102023-02-08 09:43:02.737root 11241100x8000000000000000261261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8724e816f7bb57832023-02-08 09:43:02.737root 11241100x8000000000000000261260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239c001d2bae154e2023-02-08 09:43:02.737root 11241100x8000000000000000261259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b2801264dd19422023-02-08 09:43:02.737root 11241100x8000000000000000261258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5379de2b1d5e713f2023-02-08 09:43:02.737root 11241100x8000000000000000261272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0db7289cd4b8742023-02-08 09:43:02.738root 11241100x8000000000000000261271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51aac11820b79272023-02-08 09:43:02.738root 11241100x8000000000000000261270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7c410278c651072023-02-08 09:43:02.738root 11241100x8000000000000000261269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891d26c19b2c37d2023-02-08 09:43:02.738root 11241100x8000000000000000261268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed1a28550b8ae682023-02-08 09:43:02.738root 11241100x8000000000000000261267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8f2bfcd7fb1e602023-02-08 09:43:02.738root 11241100x8000000000000000261266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5482b90906c082023-02-08 09:43:02.738root 11241100x8000000000000000261265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecbbae48bdc1a2b2023-02-08 09:43:02.738root 11241100x8000000000000000261264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7cf87cab5b8ba22023-02-08 09:43:02.738root 11241100x8000000000000000261281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7305cb802f102702023-02-08 09:43:03.235root 11241100x8000000000000000261280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb5a3dabc8bad42023-02-08 09:43:03.235root 11241100x8000000000000000261279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75002e2898e86cfb2023-02-08 09:43:03.235root 11241100x8000000000000000261278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ea03fd16f11bf2023-02-08 09:43:03.235root 11241100x8000000000000000261277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844291f5122ddefa2023-02-08 09:43:03.235root 11241100x8000000000000000261276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311cd2572f9431c2023-02-08 09:43:03.235root 11241100x8000000000000000261275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231919dd5f1c37162023-02-08 09:43:03.235root 11241100x8000000000000000261274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9673a4949103ed912023-02-08 09:43:03.235root 11241100x8000000000000000261273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1320db3aa272b7a2023-02-08 09:43:03.235root 11241100x8000000000000000261290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046702d40ae6ce32023-02-08 09:43:03.236root 11241100x8000000000000000261289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02a376f9eba0f722023-02-08 09:43:03.236root 11241100x8000000000000000261288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1d79c18665f7b2023-02-08 09:43:03.236root 11241100x8000000000000000261287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3251c237c46bf9662023-02-08 09:43:03.236root 11241100x8000000000000000261286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d10341dbb53f4d82023-02-08 09:43:03.236root 11241100x8000000000000000261285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d4e2dd9cb532b2023-02-08 09:43:03.236root 11241100x8000000000000000261284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db8e87b9db33e62023-02-08 09:43:03.236root 11241100x8000000000000000261283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2147ddf9195711e2023-02-08 09:43:03.236root 11241100x8000000000000000261282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed80e85868abf42023-02-08 09:43:03.236root 11241100x8000000000000000261300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e07227d60eaf7d2023-02-08 09:43:03.237root 11241100x8000000000000000261299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75927f073efa32b52023-02-08 09:43:03.237root 11241100x8000000000000000261298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e07cd837ff35c2023-02-08 09:43:03.237root 11241100x8000000000000000261297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f4ddc6cb225cd2023-02-08 09:43:03.237root 11241100x8000000000000000261296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6e08af7c4e2d5d2023-02-08 09:43:03.237root 11241100x8000000000000000261295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9ffbdd086e0162023-02-08 09:43:03.237root 11241100x8000000000000000261294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1b411bb6e9d0a2023-02-08 09:43:03.237root 11241100x8000000000000000261293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c0d4788d40a0a22023-02-08 09:43:03.237root 11241100x8000000000000000261292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6bfdf59fb107fd2023-02-08 09:43:03.237root 11241100x8000000000000000261291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e1caad9ad6641c2023-02-08 09:43:03.237root 11241100x8000000000000000261302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52088f0e42cf4fd12023-02-08 09:43:03.734root 11241100x8000000000000000261301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c193c2d4b144542023-02-08 09:43:03.734root 11241100x8000000000000000261313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8832d5508cb6632023-02-08 09:43:03.735root 11241100x8000000000000000261312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40eb5962802ff62023-02-08 09:43:03.735root 11241100x8000000000000000261311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753d0790090c1152023-02-08 09:43:03.735root 11241100x8000000000000000261310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8819f7d61270472023-02-08 09:43:03.735root 11241100x8000000000000000261309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b6d8af399d4ba42023-02-08 09:43:03.735root 11241100x8000000000000000261308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe597bab356f1392023-02-08 09:43:03.735root 11241100x8000000000000000261307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b19f9666475fcc2023-02-08 09:43:03.735root 11241100x8000000000000000261306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8247b4fa57cbdf2023-02-08 09:43:03.735root 11241100x8000000000000000261305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a6cbb14cf426942023-02-08 09:43:03.735root 11241100x8000000000000000261304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2631d6b6f56342ef2023-02-08 09:43:03.735root 11241100x8000000000000000261303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384d279b9464bef82023-02-08 09:43:03.735root 11241100x8000000000000000261324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7d5e683e69ce42023-02-08 09:43:03.736root 11241100x8000000000000000261323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3d34fbf3ff0dae2023-02-08 09:43:03.736root 11241100x8000000000000000261322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01edc2c135ef7322023-02-08 09:43:03.736root 11241100x8000000000000000261321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96afcfac19cc6392023-02-08 09:43:03.736root 11241100x8000000000000000261320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0485719d8d993b72023-02-08 09:43:03.736root 11241100x8000000000000000261319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7170bf88202ed92023-02-08 09:43:03.736root 11241100x8000000000000000261318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418cedeec8012db32023-02-08 09:43:03.736root 11241100x8000000000000000261317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9b2ee7e649d9c42023-02-08 09:43:03.736root 11241100x8000000000000000261316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e7a7c8c1ce6bd2023-02-08 09:43:03.736root 11241100x8000000000000000261315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6853728cd15412023-02-08 09:43:03.736root 11241100x8000000000000000261314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3899386c6feedf2023-02-08 09:43:03.736root 11241100x8000000000000000261328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12fc0bc13942e292023-02-08 09:43:03.737root 11241100x8000000000000000261327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f617cf182570b5a2023-02-08 09:43:03.737root 11241100x8000000000000000261326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a022299d045a72842023-02-08 09:43:03.737root 11241100x8000000000000000261325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da16ab64ccd3e2b92023-02-08 09:43:03.737root 11241100x8000000000000000261331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26828a493f2cda882023-02-08 09:43:04.234root 11241100x8000000000000000261330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc36d5f33d48baf2023-02-08 09:43:04.234root 11241100x8000000000000000261329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36159defc3bce652023-02-08 09:43:04.234root 11241100x8000000000000000261343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc553478b8630e2023-02-08 09:43:04.235root 11241100x8000000000000000261342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1207aa39187ef4c2023-02-08 09:43:04.235root 11241100x8000000000000000261341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514f9a3dd195431b2023-02-08 09:43:04.235root 11241100x8000000000000000261340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d22ac43e3cb5392023-02-08 09:43:04.235root 11241100x8000000000000000261339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0a3adae5ecbf742023-02-08 09:43:04.235root 11241100x8000000000000000261338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef71afbcb285fa2023-02-08 09:43:04.235root 11241100x8000000000000000261337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cc5c2099cd56922023-02-08 09:43:04.235root 11241100x8000000000000000261336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5784321df67be522023-02-08 09:43:04.235root 11241100x8000000000000000261335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625194215919ca682023-02-08 09:43:04.235root 11241100x8000000000000000261334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9990e738ac8402332023-02-08 09:43:04.235root 11241100x8000000000000000261333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a849bf64c6463562023-02-08 09:43:04.235root 11241100x8000000000000000261332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f2b58f48761482023-02-08 09:43:04.235root 11241100x8000000000000000261354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed4cf7181bed402023-02-08 09:43:04.236root 11241100x8000000000000000261353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c839038822df97352023-02-08 09:43:04.236root 11241100x8000000000000000261352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b480e2d83ace5a2023-02-08 09:43:04.236root 11241100x8000000000000000261351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79423e0e8891ec82023-02-08 09:43:04.236root 11241100x8000000000000000261350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d603317091159932023-02-08 09:43:04.236root 11241100x8000000000000000261349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9192e82a37d43b2023-02-08 09:43:04.236root 11241100x8000000000000000261348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec43de4e22f449a2023-02-08 09:43:04.236root 11241100x8000000000000000261347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28ac0f7c1fb9742023-02-08 09:43:04.236root 11241100x8000000000000000261346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca0dea0b4beb9c2023-02-08 09:43:04.236root 11241100x8000000000000000261345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba6713a3d13e8b72023-02-08 09:43:04.236root 11241100x8000000000000000261344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30832aeb7a4dc492023-02-08 09:43:04.236root 11241100x8000000000000000261360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1073f2db0c23b6ae2023-02-08 09:43:04.237root 11241100x8000000000000000261359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497aa37ad7591b0f2023-02-08 09:43:04.237root 11241100x8000000000000000261358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0724063721226912023-02-08 09:43:04.237root 11241100x8000000000000000261357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8447614bf617f7ee2023-02-08 09:43:04.237root 11241100x8000000000000000261356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc45195b89eb2f32023-02-08 09:43:04.237root 11241100x8000000000000000261355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d898be26933d5a12023-02-08 09:43:04.237root 11241100x8000000000000000261369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9578fea200bc6ad2023-02-08 09:43:04.734root 11241100x8000000000000000261368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db106c35d25fb632023-02-08 09:43:04.734root 11241100x8000000000000000261367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1566ed566e5345282023-02-08 09:43:04.734root 11241100x8000000000000000261366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dca9893af8facb2023-02-08 09:43:04.734root 11241100x8000000000000000261365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4523c020c6c092023-02-08 09:43:04.734root 11241100x8000000000000000261364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a231cf6a1161ecff2023-02-08 09:43:04.734root 11241100x8000000000000000261363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5a19b0ce5fd8702023-02-08 09:43:04.734root 11241100x8000000000000000261362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cac20f4488da3e2023-02-08 09:43:04.734root 11241100x8000000000000000261361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb979050a80f0cfd2023-02-08 09:43:04.734root 11241100x8000000000000000261377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd4a00cf4d9addd2023-02-08 09:43:04.735root 11241100x8000000000000000261376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df9e5fc6977f242023-02-08 09:43:04.735root 11241100x8000000000000000261375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf360b048a62032023-02-08 09:43:04.735root 11241100x8000000000000000261374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6138a502976a8a02023-02-08 09:43:04.735root 11241100x8000000000000000261373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f203f6a7cf411002023-02-08 09:43:04.735root 11241100x8000000000000000261372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6aed7c465882a62023-02-08 09:43:04.735root 11241100x8000000000000000261371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf796b5bb2fe030c2023-02-08 09:43:04.735root 11241100x8000000000000000261370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4495e3c1f771712023-02-08 09:43:04.735root 11241100x8000000000000000261387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629f1e2dfc4d6af2023-02-08 09:43:04.736root 11241100x8000000000000000261386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7de3221fecd8d02023-02-08 09:43:04.736root 11241100x8000000000000000261385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98284fa1219cc4dd2023-02-08 09:43:04.736root 11241100x8000000000000000261384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e79c7ff7dfecc2023-02-08 09:43:04.736root 11241100x8000000000000000261383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b3dd96623773e22023-02-08 09:43:04.736root 11241100x8000000000000000261382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ff5bdaf3d830cc2023-02-08 09:43:04.736root 11241100x8000000000000000261381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71081d2ae27176c02023-02-08 09:43:04.736root 11241100x8000000000000000261380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f985ebff709e082023-02-08 09:43:04.736root 11241100x8000000000000000261379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02e8380bba4f6ea2023-02-08 09:43:04.736root 11241100x8000000000000000261378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fe513fea22e2912023-02-08 09:43:04.736root 11241100x8000000000000000261389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80a32a9721667182023-02-08 09:43:04.737root 11241100x8000000000000000261388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd52586f4a4a7db2023-02-08 09:43:04.737root 11241100x8000000000000000261395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f79a747768167102023-02-08 09:43:04.738root 11241100x8000000000000000261394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807262fc136056302023-02-08 09:43:04.738root 11241100x8000000000000000261393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f190911e3ed2b2023-02-08 09:43:04.738root 11241100x8000000000000000261392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55cf0b45e7085852023-02-08 09:43:04.738root 11241100x8000000000000000261391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553ceb9255b763e82023-02-08 09:43:04.738root 11241100x8000000000000000261390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf795e9df54c962023-02-08 09:43:04.738root 11241100x8000000000000000261400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b2843b134b4022023-02-08 09:43:04.739root 11241100x8000000000000000261399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c97f60558ae97a2023-02-08 09:43:04.739root 11241100x8000000000000000261398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f73108c1ec4d4f2023-02-08 09:43:04.739root 11241100x8000000000000000261397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140bc017b054c7d02023-02-08 09:43:04.739root 11241100x8000000000000000261396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1365ffff36322e012023-02-08 09:43:04.739root 11241100x8000000000000000261404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc35ee612ec35e92023-02-08 09:43:04.740root 11241100x8000000000000000261403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4273aacf90a3841f2023-02-08 09:43:04.740root 11241100x8000000000000000261402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058fbeba97a456cb2023-02-08 09:43:04.740root 11241100x8000000000000000261401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5adc38f6d28526b2023-02-08 09:43:04.740root 11241100x8000000000000000261407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ecf6b4fc7a5ba62023-02-08 09:43:04.741root 11241100x8000000000000000261406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18494ce451c9a25a2023-02-08 09:43:04.741root 11241100x8000000000000000261405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f45bb24438ea3022023-02-08 09:43:04.741root 11241100x8000000000000000261415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e3061f7837ad12023-02-08 09:43:04.742root 11241100x8000000000000000261414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8869d58a85db902023-02-08 09:43:04.742root 11241100x8000000000000000261413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f021c2420fed0e02023-02-08 09:43:04.742root 11241100x8000000000000000261412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed073025295224a92023-02-08 09:43:04.742root 11241100x8000000000000000261411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937d7aa490b8ec3e2023-02-08 09:43:04.742root 11241100x8000000000000000261410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f97d826c17d4e92023-02-08 09:43:04.742root 11241100x8000000000000000261409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9699cf609be3a3362023-02-08 09:43:04.742root 11241100x8000000000000000261408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288a777c45f9b79e2023-02-08 09:43:04.742root 354300x8000000000000000261416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.064{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41906-false10.0.1.12-8000- 11241100x8000000000000000261420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc977cf628af9b9c2023-02-08 09:43:05.065root 11241100x8000000000000000261419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e095b80217f46b4a2023-02-08 09:43:05.065root 11241100x8000000000000000261418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312022e7fe8c107e2023-02-08 09:43:05.065root 11241100x8000000000000000261417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95a1aae95c22642023-02-08 09:43:05.065root 11241100x8000000000000000261423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cb2af87d03cd072023-02-08 09:43:05.066root 11241100x8000000000000000261422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3b41f7326152a12023-02-08 09:43:05.066root 11241100x8000000000000000261421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489aeb476d799b62023-02-08 09:43:05.066root 11241100x8000000000000000261432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7865fbe28ba08502023-02-08 09:43:05.067root 11241100x8000000000000000261431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1152f13002a052023-02-08 09:43:05.067root 11241100x8000000000000000261430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e6e59d2e0ca642023-02-08 09:43:05.067root 11241100x8000000000000000261429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a519ecbccb708c2023-02-08 09:43:05.067root 11241100x8000000000000000261428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dd2f98b1dc19ee2023-02-08 09:43:05.067root 11241100x8000000000000000261427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d261e51ad88486d2023-02-08 09:43:05.067root 11241100x8000000000000000261426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9ababb6146f3c32023-02-08 09:43:05.067root 11241100x8000000000000000261425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286bcd7e5e7251862023-02-08 09:43:05.067root 11241100x8000000000000000261424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01803aca7782d7782023-02-08 09:43:05.067root 11241100x8000000000000000261438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd141d493b4f8cc2023-02-08 09:43:05.068root 11241100x8000000000000000261437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35e4ecbce149a72023-02-08 09:43:05.068root 11241100x8000000000000000261436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a878b105da66f2023-02-08 09:43:05.068root 11241100x8000000000000000261435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a55d9ec519012bd2023-02-08 09:43:05.068root 11241100x8000000000000000261434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8635bc26c374d81a2023-02-08 09:43:05.068root 11241100x8000000000000000261433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d1b2944af65f8b2023-02-08 09:43:05.068root 11241100x8000000000000000261442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c8c2e89156fa192023-02-08 09:43:05.069root 11241100x8000000000000000261441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a249095e6705c62023-02-08 09:43:05.069root 11241100x8000000000000000261440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4d1832e047a8522023-02-08 09:43:05.069root 11241100x8000000000000000261439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9568bcf5486752023-02-08 09:43:05.069root 11241100x8000000000000000261451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e29c42b4f2ca4fe2023-02-08 09:43:05.070root 11241100x8000000000000000261450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33387671b11f0652023-02-08 09:43:05.070root 11241100x8000000000000000261449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52191d335beda3c42023-02-08 09:43:05.070root 11241100x8000000000000000261448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a84fb92bf47e662023-02-08 09:43:05.070root 11241100x8000000000000000261447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c141d4f2df29f4572023-02-08 09:43:05.070root 11241100x8000000000000000261446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46e15e0bc6d80e2023-02-08 09:43:05.070root 11241100x8000000000000000261445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1735e1ebd8ec3602023-02-08 09:43:05.070root 11241100x8000000000000000261444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf6f17c72532bc42023-02-08 09:43:05.070root 11241100x8000000000000000261443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98210636f0f620712023-02-08 09:43:05.070root 11241100x8000000000000000261452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.071{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64f76eb7dff4f0e2023-02-08 09:43:05.071root 11241100x8000000000000000261453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbff4ae74d512392023-02-08 09:43:05.484root 11241100x8000000000000000261458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf48edcd53762592023-02-08 09:43:05.485root 11241100x8000000000000000261457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbba0a0b1cc069f2023-02-08 09:43:05.485root 11241100x8000000000000000261456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa595328d19398f52023-02-08 09:43:05.485root 11241100x8000000000000000261455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e996ecdb01d04df2023-02-08 09:43:05.485root 11241100x8000000000000000261454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bcb648fa5ab71a2023-02-08 09:43:05.485root 11241100x8000000000000000261462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c01671eedaae7aa2023-02-08 09:43:05.486root 11241100x8000000000000000261461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abdb665d99cd4ca2023-02-08 09:43:05.486root 11241100x8000000000000000261460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f114c13804ef0ae2023-02-08 09:43:05.486root 11241100x8000000000000000261459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3454510b837cdd2023-02-08 09:43:05.486root 11241100x8000000000000000261468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926867b8d3169b0b2023-02-08 09:43:05.487root 11241100x8000000000000000261467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae07bb2f2af452ea2023-02-08 09:43:05.487root 11241100x8000000000000000261466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050a8e6693b5544b2023-02-08 09:43:05.487root 11241100x8000000000000000261465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff0a68f016da712023-02-08 09:43:05.487root 11241100x8000000000000000261464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a94c3baf30b9642023-02-08 09:43:05.487root 11241100x8000000000000000261463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68d34bda9eaafe22023-02-08 09:43:05.487root 11241100x8000000000000000261469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e8212f657fe9c2023-02-08 09:43:05.488root 11241100x8000000000000000261475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd558db9c401da2d2023-02-08 09:43:05.489root 11241100x8000000000000000261474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091cb71cfcca0cfd2023-02-08 09:43:05.489root 11241100x8000000000000000261473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d1d1dd01d6975e2023-02-08 09:43:05.489root 11241100x8000000000000000261472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea625a85dbfdac052023-02-08 09:43:05.489root 11241100x8000000000000000261471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a539ba348eaa22023-02-08 09:43:05.489root 11241100x8000000000000000261470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf10b4ad701135da2023-02-08 09:43:05.489root 11241100x8000000000000000261480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7d651eb5bee4112023-02-08 09:43:05.491root 11241100x8000000000000000261479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ea78de3aa55152023-02-08 09:43:05.491root 11241100x8000000000000000261478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb04726631cbbc572023-02-08 09:43:05.491root 11241100x8000000000000000261477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5286209b52fba1e2023-02-08 09:43:05.491root 11241100x8000000000000000261476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f01645d1cd75c2023-02-08 09:43:05.491root 11241100x8000000000000000261481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2d387c2cdefae2023-02-08 09:43:05.492root 11241100x8000000000000000261484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d99e1262d834a92023-02-08 09:43:05.984root 11241100x8000000000000000261483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8207a01591aa982023-02-08 09:43:05.984root 11241100x8000000000000000261482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff88bd181c1ac52023-02-08 09:43:05.984root 11241100x8000000000000000261490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72868ad72fed932023-02-08 09:43:05.985root 11241100x8000000000000000261489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a6fd50427f64f72023-02-08 09:43:05.985root 11241100x8000000000000000261488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a372f90ea9cd8cfc2023-02-08 09:43:05.985root 11241100x8000000000000000261487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f977c4ef171daa2023-02-08 09:43:05.985root 11241100x8000000000000000261486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca0ea116d96f172023-02-08 09:43:05.985root 11241100x8000000000000000261485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e2134534b9b392023-02-08 09:43:05.985root 11241100x8000000000000000261491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961c296d3d05f972023-02-08 09:43:05.986root 11241100x8000000000000000261499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed30062ffac1b4f22023-02-08 09:43:05.987root 11241100x8000000000000000261498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f0ef9d5cae83742023-02-08 09:43:05.987root 11241100x8000000000000000261497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a6a81e159e8d8b2023-02-08 09:43:05.987root 11241100x8000000000000000261496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ad0b753d7fdf0b2023-02-08 09:43:05.987root 11241100x8000000000000000261495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f86d7817fc96f12023-02-08 09:43:05.987root 11241100x8000000000000000261494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa9b8773f8b04e92023-02-08 09:43:05.987root 11241100x8000000000000000261493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79e0ff52701d5f2023-02-08 09:43:05.987root 11241100x8000000000000000261492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a976ba4438a38b2023-02-08 09:43:05.987root 11241100x8000000000000000261514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535949bc01a798b02023-02-08 09:43:05.988root 11241100x8000000000000000261513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90079d65021a43812023-02-08 09:43:05.988root 11241100x8000000000000000261512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348426ec33e5bd5b2023-02-08 09:43:05.988root 11241100x8000000000000000261511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e5b3718211d6632023-02-08 09:43:05.988root 11241100x8000000000000000261510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866a841952655602023-02-08 09:43:05.988root 11241100x8000000000000000261509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46248a6aa30fc842023-02-08 09:43:05.988root 11241100x8000000000000000261508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67c011bb63a00d2023-02-08 09:43:05.988root 11241100x8000000000000000261507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff9a735a164226e2023-02-08 09:43:05.988root 11241100x8000000000000000261506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338306fbe24477c02023-02-08 09:43:05.988root 11241100x8000000000000000261505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ee46a4da4041e82023-02-08 09:43:05.988root 11241100x8000000000000000261504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1302561ec4ebb2152023-02-08 09:43:05.988root 11241100x8000000000000000261503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e415c5eb5e825f2023-02-08 09:43:05.988root 11241100x8000000000000000261502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c272eaabfb1a422023-02-08 09:43:05.988root 11241100x8000000000000000261501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cdbb2dd83466782023-02-08 09:43:05.988root 11241100x8000000000000000261500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec68c4ea21dcfe02023-02-08 09:43:05.988root 11241100x8000000000000000261527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b0ffadf5f23ac2023-02-08 09:43:05.989root 11241100x8000000000000000261526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1211fd7dcea1cc02023-02-08 09:43:05.989root 11241100x8000000000000000261525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4599e858c153e472023-02-08 09:43:05.989root 11241100x8000000000000000261524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a337e84dd8ae267f2023-02-08 09:43:05.989root 11241100x8000000000000000261523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f2bae36c262e1d2023-02-08 09:43:05.989root 11241100x8000000000000000261522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d4a339b3a27a232023-02-08 09:43:05.989root 11241100x8000000000000000261521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d1d36d228d8ff92023-02-08 09:43:05.989root 11241100x8000000000000000261520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2fd385baaedd6e2023-02-08 09:43:05.989root 11241100x8000000000000000261519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ed246ee9d75c0b2023-02-08 09:43:05.989root 11241100x8000000000000000261518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4230a87ab1dbd7d92023-02-08 09:43:05.989root 11241100x8000000000000000261517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b891a8acea8872023-02-08 09:43:05.989root 11241100x8000000000000000261516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83dc4b7d1a450382023-02-08 09:43:05.989root 11241100x8000000000000000261515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d492d2657bff46f02023-02-08 09:43:05.989root 11241100x8000000000000000261532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cbc515f75041482023-02-08 09:43:05.990root 11241100x8000000000000000261531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396fcdaf8df740432023-02-08 09:43:05.990root 11241100x8000000000000000261530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7c2404de260c222023-02-08 09:43:05.990root 11241100x8000000000000000261529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001b0229784d5762023-02-08 09:43:05.990root 11241100x8000000000000000261528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51936d7c8c4687032023-02-08 09:43:05.990root 11241100x8000000000000000261535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54204cb22954c75c2023-02-08 09:43:06.364root 11241100x8000000000000000261534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bcbd2346fac1812023-02-08 09:43:06.364root 11241100x8000000000000000261533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:43:06.364root 11241100x8000000000000000261536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa963cc8ef606b092023-02-08 09:43:06.365root 11241100x8000000000000000261540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a34e3c4b9300bd2023-02-08 09:43:06.366root 11241100x8000000000000000261539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817cd946ad5d46402023-02-08 09:43:06.366root 11241100x8000000000000000261538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5340e36e096e68a22023-02-08 09:43:06.366root 11241100x8000000000000000261537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96133de1c33fdf92023-02-08 09:43:06.366root 11241100x8000000000000000261546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22015d6626c784a2023-02-08 09:43:06.367root 11241100x8000000000000000261545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74916728b6df4b232023-02-08 09:43:06.367root 11241100x8000000000000000261544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d27abdee8c87f12023-02-08 09:43:06.367root 11241100x8000000000000000261543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc1ce631c9d87e2023-02-08 09:43:06.367root 11241100x8000000000000000261542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a43bad5bd2746022023-02-08 09:43:06.367root 11241100x8000000000000000261541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efd6a4800c3a0fb2023-02-08 09:43:06.367root 11241100x8000000000000000261552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c2efbe6c9b63c2023-02-08 09:43:06.368root 11241100x8000000000000000261551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98f0f3c19dbc3a2023-02-08 09:43:06.368root 11241100x8000000000000000261550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5870fc2f77a134e2023-02-08 09:43:06.368root 11241100x8000000000000000261549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d302ebcc73ce96d42023-02-08 09:43:06.368root 11241100x8000000000000000261548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e5bc2219712532023-02-08 09:43:06.368root 11241100x8000000000000000261547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84785ab0e926b01b2023-02-08 09:43:06.368root 11241100x8000000000000000261557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00837f9c8e264e2023-02-08 09:43:06.369root 11241100x8000000000000000261556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef36ab43b03edf082023-02-08 09:43:06.369root 11241100x8000000000000000261555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e1356e6e2014a2023-02-08 09:43:06.369root 11241100x8000000000000000261554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d607f3afdd91ff72023-02-08 09:43:06.369root 11241100x8000000000000000261553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa7dee054e1a1c2023-02-08 09:43:06.369root 11241100x8000000000000000261563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e3e6aa8f6766c02023-02-08 09:43:06.370root 11241100x8000000000000000261562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae707aee17a9e282023-02-08 09:43:06.370root 11241100x8000000000000000261561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4194af6b242e88102023-02-08 09:43:06.370root 11241100x8000000000000000261560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de724386bce6108d2023-02-08 09:43:06.370root 11241100x8000000000000000261559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8dd6b1553b5f3a2023-02-08 09:43:06.370root 11241100x8000000000000000261558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec150a650f8016972023-02-08 09:43:06.370root 11241100x8000000000000000261566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6548c63a2fcf42023-02-08 09:43:06.371root 11241100x8000000000000000261565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b213bf6bcda5bf2023-02-08 09:43:06.371root 11241100x8000000000000000261564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a9078f1723d3712023-02-08 09:43:06.371root 354300x8000000000000000261567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.708{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39570-false10.0.1.12-8089- 11241100x8000000000000000261574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a916276e67aa67d2023-02-08 09:43:06.709root 11241100x8000000000000000261573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db00e6cf6a2690c2023-02-08 09:43:06.709root 11241100x8000000000000000261572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9431417e3a73092023-02-08 09:43:06.709root 11241100x8000000000000000261571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f3b2334930ccc2023-02-08 09:43:06.709root 11241100x8000000000000000261570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0b1569a7d75fcd2023-02-08 09:43:06.709root 11241100x8000000000000000261569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5575f02264bb1532023-02-08 09:43:06.709root 11241100x8000000000000000261568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1563c697349b6bc2023-02-08 09:43:06.709root 11241100x8000000000000000261590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9990cf6e6c6370b32023-02-08 09:43:06.710root 11241100x8000000000000000261589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5500f4003592cc22023-02-08 09:43:06.710root 11241100x8000000000000000261588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7503b9fd5c7a9f52023-02-08 09:43:06.710root 11241100x8000000000000000261587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e92c4281424cf22023-02-08 09:43:06.710root 11241100x8000000000000000261586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e41d5659802d62023-02-08 09:43:06.710root 11241100x8000000000000000261585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f0f87e66a31b12023-02-08 09:43:06.710root 11241100x8000000000000000261584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a48e16e72ac272023-02-08 09:43:06.710root 11241100x8000000000000000261583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06345ccf667be72023-02-08 09:43:06.710root 11241100x8000000000000000261582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71f8d7c1a0506a2023-02-08 09:43:06.710root 11241100x8000000000000000261581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07983ec1f89a26332023-02-08 09:43:06.710root 11241100x8000000000000000261580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d52ac829d9efeee2023-02-08 09:43:06.710root 11241100x8000000000000000261579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6036a6420452fa6b2023-02-08 09:43:06.710root 11241100x8000000000000000261578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628901d2818c6422023-02-08 09:43:06.710root 11241100x8000000000000000261577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4e9fc0c2122cf2023-02-08 09:43:06.710root 11241100x8000000000000000261576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db2a8bc420c8bb82023-02-08 09:43:06.710root 11241100x8000000000000000261575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b2ba396827f092023-02-08 09:43:06.710root 11241100x8000000000000000261603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a13c84c6b23e452023-02-08 09:43:06.711root 11241100x8000000000000000261602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b1d2abcf6ce4722023-02-08 09:43:06.711root 11241100x8000000000000000261601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cde194fb40d0ea2023-02-08 09:43:06.711root 11241100x8000000000000000261600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ce73d34c5931a2023-02-08 09:43:06.711root 11241100x8000000000000000261599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108f284e5135ad72023-02-08 09:43:06.711root 11241100x8000000000000000261598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e27c44da70bf382023-02-08 09:43:06.711root 11241100x8000000000000000261597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43440b3524e0f1212023-02-08 09:43:06.711root 11241100x8000000000000000261596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f289df94c7c21da2023-02-08 09:43:06.711root 11241100x8000000000000000261595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7abde82befe78c12023-02-08 09:43:06.711root 11241100x8000000000000000261594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce1d0a3c8fdac5d2023-02-08 09:43:06.711root 11241100x8000000000000000261593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cd97b62204b76a2023-02-08 09:43:06.711root 11241100x8000000000000000261592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99a558a41d38c92023-02-08 09:43:06.711root 11241100x8000000000000000261591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd518ffb21e36e2023-02-08 09:43:06.711root 11241100x8000000000000000261608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe70f4ff5cc27c2023-02-08 09:43:06.985root 11241100x8000000000000000261607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d8269e677b842f2023-02-08 09:43:06.985root 11241100x8000000000000000261606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b3ae5d8fb65322023-02-08 09:43:06.985root 11241100x8000000000000000261605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d7516e1952091d2023-02-08 09:43:06.985root 11241100x8000000000000000261604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f738baab1cf42c2023-02-08 09:43:06.985root 11241100x8000000000000000261614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca357b333835c6f42023-02-08 09:43:06.986root 11241100x8000000000000000261613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e95dab9a59b2f2023-02-08 09:43:06.986root 11241100x8000000000000000261612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723bb8a5f9e850f2023-02-08 09:43:06.986root 11241100x8000000000000000261611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1223396af335d6f62023-02-08 09:43:06.986root 11241100x8000000000000000261610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7713ae83cf9bd3f32023-02-08 09:43:06.986root 11241100x8000000000000000261609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e02773e60f6b2c2023-02-08 09:43:06.986root 11241100x8000000000000000261626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1315c9e58c3925e2023-02-08 09:43:06.987root 11241100x8000000000000000261625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbd9d2abf03f0fe2023-02-08 09:43:06.987root 11241100x8000000000000000261624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f54521e0508e62023-02-08 09:43:06.987root 11241100x8000000000000000261623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7a3c685fb2a802023-02-08 09:43:06.987root 11241100x8000000000000000261622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b364774c20941e2023-02-08 09:43:06.987root 11241100x8000000000000000261621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224f8ea7cd405002023-02-08 09:43:06.987root 11241100x8000000000000000261620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98658e602f76062023-02-08 09:43:06.987root 11241100x8000000000000000261619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a4926c46c604a02023-02-08 09:43:06.987root 11241100x8000000000000000261618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189f5cf112994912023-02-08 09:43:06.987root 11241100x8000000000000000261617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbc0528a9d6dd202023-02-08 09:43:06.987root 11241100x8000000000000000261616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed791377c0140e22023-02-08 09:43:06.987root 11241100x8000000000000000261615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e87c1fe283827a2023-02-08 09:43:06.987root 11241100x8000000000000000261633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222ecb8e068c3ac32023-02-08 09:43:06.988root 11241100x8000000000000000261632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae5857a2f5ddb032023-02-08 09:43:06.988root 11241100x8000000000000000261631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c001acf2aa34989a2023-02-08 09:43:06.988root 11241100x8000000000000000261630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45510fc5aec3102f2023-02-08 09:43:06.988root 11241100x8000000000000000261629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d7d6b2912c09a2023-02-08 09:43:06.988root 11241100x8000000000000000261628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fc94899fd2f3fe2023-02-08 09:43:06.988root 11241100x8000000000000000261627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db48220ffd7e84b02023-02-08 09:43:06.988root 11241100x8000000000000000261634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24987659d927fe0c2023-02-08 09:43:06.989root 11241100x8000000000000000261635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ddfa0a6b996d4e2023-02-08 09:43:07.484root 11241100x8000000000000000261639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe801a30573d5c92023-02-08 09:43:07.485root 11241100x8000000000000000261638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af6811d34807312023-02-08 09:43:07.485root 11241100x8000000000000000261637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267cf941f5548e042023-02-08 09:43:07.485root 11241100x8000000000000000261636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0f2845c6d5c532023-02-08 09:43:07.485root 11241100x8000000000000000261650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49a87b6589fe0052023-02-08 09:43:07.486root 11241100x8000000000000000261649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc4fcd80b788622023-02-08 09:43:07.486root 11241100x8000000000000000261648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949bb960c2047882023-02-08 09:43:07.486root 11241100x8000000000000000261647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b8a34334aa92c2023-02-08 09:43:07.486root 11241100x8000000000000000261646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981b47c931d3f43e2023-02-08 09:43:07.486root 11241100x8000000000000000261645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1e3cfdadc25b32023-02-08 09:43:07.486root 11241100x8000000000000000261644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810950e1f211c7a2023-02-08 09:43:07.486root 11241100x8000000000000000261643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a369e14d0908590e2023-02-08 09:43:07.486root 11241100x8000000000000000261642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02774e8b2d3f5c932023-02-08 09:43:07.486root 11241100x8000000000000000261641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778907d75f43dba32023-02-08 09:43:07.486root 11241100x8000000000000000261640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/